Risk Management Program Regulations for Swap Dealers, Major Swap Participants, and Futures Commission Merchants, 45826-45836 [2023-15056]
Download as PDF
<![CDATA[
45826
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
FAA Order JO 7400.11 update. FAA
Order JO 7400.11G is publicly available
as listed in the ADDRESSES section of this
document. FAA Order JO 7400.11G lists
Class A, B, C, D, and E airspace areas,
air traffic service routes, and reporting
points.
The Proposal
The FAA proposes an amendment to
14 CFR part 71 to amend Class D
airspace and Class E airspace extending
upward from 700 feet above the surface
for Flagler Executive Airport, Palm
Coast, FL, by increasing the Class D
radius to 4.2 miles (previously 4.0
miles), and the Class E airspace
extending upward from 700 feet above
the surface to 6.7 miles (previously 6.5
miles), and by updating the geographic
coordinates for this airport to coincide
with the FAA’s database. This action
would also update the airport name to
Flagler Executive Airport (previously
Flagler County Airport) and the city
name to Palm Coast (previously
Bunnell), as well as replacing the terms
Notice to Airmen with Notice to Air
Missions and Airport/Facility Directory
with Chart Supplement in the Class D
airspace description. Controlled
airspace is necessary for the area’s safety
and management of instrument flight
rules (IFR) operations.
ddrumheller on DSK120RN23PROD with PROPOSALS1
Regulatory Notices and Analyses
The FAA has determined that this
proposed regulation only involves an
established body of technical
regulations for which frequent and
routine amendments are necessary to
keep them operationally current. It,
therefore: (1) is not a ‘‘significant
regulatory action’’ under Executive
Order 12866; (2) is not a ‘‘significant
rule’’ under Department of
Transportation (DOT) Regulatory
Policies and Procedures (44 FR 11034;
February 26, 1979); and (3) does not
warrant preparation of a regulatory
evaluation as the anticipated impact is
so minimal. Since this is a routine
matter that will only affect air traffic
procedures and air navigation, it is
certified that this proposed rule, when
promulgated, will not have a significant
economic impact on a substantial
number of small entities under the
criteria of the Regulatory Flexibility Act.
Environmental Review
This proposal will be subject to an
environmental analysis in accordance
with FAA Order 1050.1F,
‘‘Environmental Impacts: Policies and
Procedures prior to any FAA final
regulatory action.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
List of Subjects in 14 CFR Part 71
Airspace, Incorporation by reference,
Navigation (air).
COMMODITY FUTURES TRADING
COMMISSION
17 CFR Parts 1 and 23
The Proposed Amendment
RIN 3038–AE59
In consideration of the foregoing, the
Federal Aviation Administration
proposes to amend 14 CFR part 71 as
follows:
Risk Management Program
Regulations for Swap Dealers, Major
Swap Participants, and Futures
Commission Merchants
PART 71—DESIGNATION OF CLASS A,
B, C, D, AND E AIRSPACE AREAS; AIR
TRAFFIC SERVICE ROUTES; AND
REPORTING POINTS
AGENCY:
1. The authority citation for part 71
continues to read as follows:
■
Authority: 49 U.S.C. 106(f), 106(g); 40103,
40113, 40120; E.O. 10854, 24 FR 9565, 3 CFR,
1959–1963 Comp., p. 389.
§ 71.1
[Amended]
2. The incorporation by reference in
14 CFR 71.1 of FAA Order JO 7400.11G,
Airspace Designations and Reporting
Points, dated August 19, 2022, and
effective September 15, 2022, is
amended as follows:
■
Paragraph 5000
Class D Airspace.
*
*
*
ASO FL D
*
*
Palm Coast, FL [Amended]
Flagler Executive Airport, FL
(Lat 29°27′55″ N, long 81°12′28″ W)
That airspace extending upward from the
surface to and including 1,500 feet MSL
within a 4.2-mile radius of the Flagler
Executive Airport. This Class D airspace area
is effective during the specific dates and
times established in advance by a Notice to
Air Missions. The effective date and time
will thereafter be continuously published in
the Chart Supplement.
*
*
*
*
*
Paragraph 6005 Class E Airspace Areas
Extending Upward From 700 Feet or More
Above the Surface of the Earth.
*
*
ASO FL E5
*
*
*
Palm Coast, FL [Amended]
Flagler Executive Airport, FL
(Lat 29°27′55″ N, long 81°12′28″ W)
That airspace extending upward from 700
feet above the surface within a 6.7-mile
radius of Flagler Executive Airport.
*
*
*
*
*
Issued in College Park, Georgia, on July 12,
2023.
Andreese C. Davis,
Manager, Airspace & Procedures Team South,
Eastern Service Center, Air Traffic
Organization.
[FR Doc. 2023–15150 Filed 7–17–23; 8:45 am]
BILLING CODE 4910–13–P
PO 00000
Frm 00005
Fmt 4702
Sfmt 4702
Commodity Futures Trading
Commission.
ACTION: Advance notice of proposed
rulemaking; request for comments.
The Commodity Futures
Trading Commission (CFTC or
Commission) is issuing this Advance
Notice of Proposed Rulemaking
(ANPRM or Notice) and seeking public
comment regarding potential regulatory
amendments under the Commodity
Exchange Act governing the risk
management programs of swap dealers,
major swap participants, and futures
commission merchants. In particular,
the Commission is seeking information
and public comment on several issues
stemming from the adoption of certain
risk management programs, including
the governance and structure of such
programs, the enumerated risks these
programs must monitor and manage,
and the specific risk considerations they
must take into account; the Commission
further seeks comment on how the
related periodic risk reporting regime
could be altered or improved. The
Commission intends to use the
information and comments received
from this Notice to inform potential
future agency action, such as a
rulemaking, with respect to risk
management.
SUMMARY:
Comments must be in writing
and received by September 18, 2023.
ADDRESSES: You may submit comments,
identified by RIN 3038–AE59, by any of
the following methods:
• CFTC Comments Portal: https://
comments.cftc.gov. Select the ‘‘Submit
Comments’’ link for this rulemaking and
follow the instructions on the Public
Comment Form.
• Mail: Send to Christopher
Kirkpatrick, Secretary of the
Commission, Commodity Futures
Trading Commission, Three Lafayette
Centre, 1155 21st Street NW,
Washington, DC 20581.
• Hand Delivery/Courier: Follow the
same instruction as for Mail, above.
Please submit your comments using
only one of these methods. Submissions
through the CFTC Comments Portal are
encouraged. All comments must be
submitted in English, or if not,
DATES:
E:\FR\FM\18JYP1.SGM
18JYP1
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
accompanied by an English translation.
Comments will be posted as received to
https://comments.cftc.gov. You should
submit only information that you wish
to make available publicly. If you wish
the Commission to consider information
that you believe is exempt from
disclosure under the Freedom of
Information Act (FOIA), a petition for
confidential treatment of the exempt
information may be submitted according
to the procedures established in section
145.9 of the Commission’s regulations.
The Commission reserves the right, but
shall have no obligation, to review,
prescreen, filter, redact, refuse, or
remove any or all of your submission
from https://comments.cftc.gov that it
may deem to be inappropriate for
publication, such as obscene language.
All submissions that have been redacted
or removed that contain comments on
the merits of the rulemaking will be
retained in the public comment file and
will be considered as required under the
Administrative Procedure Act (APA)
and other applicable laws and may be
accessible under the FOIA.
FOR FURTHER INFORMATION CONTACT:
Amanda L. Olear, Director, 202–418–
5283, aolear@cftc.gov; Pamela M.
Geraghty, Deputy Director, 202–418–
5634, pgeraghty@cftc.gov; Fern
Simmons, Associate Director, 202–418–
5901, fsimmons@cftc.gov; or Elizabeth
Groover, Special Counsel, 202–418–
5985, egroover@cftc.gov; each in the
Market Participants Division at the
Commodity Futures Trading
Commission, Three Lafayette Centre,
1155 21st Street NW, Washington, DC
20581.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
II. Questions and Request for Comment
A. Risk Management Program Governance
B. Enumerated Risks in the Risk
Management Program Regulations
C. Periodic Risk Exposure Reporting by
Swap Dealers and Futures Commission
Merchants
D. Other Areas of Risk
ddrumheller on DSK120RN23PROD with PROPOSALS1
I. Background
Title VII of the Dodd-Frank Wall
Street Reform and Consumer Protection
Act 1 (Dodd-Frank Act) amended the
Commodity Exchange Act (CEA) 2 to
establish a comprehensive regulatory
framework to reduce risk, increase
transparency, and promote market
integrity within the financial system by,
among other things, providing for the
1 See Dodd-Frank Act, Public Law 111–203, 124
Stat. 1376 (2010).
2 7 U.S.C. 1 et seq.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
registration and comprehensive
regulation of swap dealers (SDs) 3 and
major swap participants (MSPs),4 and
enhancing the rulemaking and
enforcement authorities of the CFTC
with respect to all registered entities
and intermediaries subject to its
oversight, including, among others,
futures commission merchants (FCMs).5
Added by the Dodd-Frank Act, CEA
section 4s(j) outlines the duties with
which SDs must comply.6 Specifically,
CEA section 4s(j)(2) requires SDs to
establish robust and professional risk
management systems adequate for
managing the day-to-day business of the
registrant.7 CEA section 4s(j)(7) directs
the Commission to prescribe rules
governing the duties of SDs, including
the duty to establish risk management
procedures.8 In April 2012, the
Commission adopted Regulation
23.600,9 which established
requirements for the development,
approval, implementation, and
operation of SD risk management
programs (RMPs).10
3 An SD is an entity that holds itself out as a
dealer in swaps; makes a market in swaps; regularly
enters into swaps with counterparties as an
ordinary course of business for its own account; or
engages in any activity causing the entity to be
commonly known in the trade as a dealer or market
maker in swaps. See 7 U.S.C. 1a(49)(A); see also 17
CFR 1.3 (describing exceptions and limitations).
4 An MSP is any person that is not an SD and
maintains a substantial position in swaps for any
of the major swap categories; whose outstanding
swaps create substantial counterparty exposure that
could have serious adverse effects on the financial
stability of the United States banking system or
financial markets; or is a financial entity that is
highly leveraged relative to the amount of capital
it holds and that is not subject to capital
requirements established by an appropriate Federal
banking agency and maintains a substantial
position in outstanding swaps in any major swap
category. See 7 U.S.C. 1a(33)(A); 17 CFR 1.3. There
are currently no registered MSPs; the relevant
regulatory requirements discussed in this ANPRM,
however, apply to both SDs and MSPs. For ease of
drafting, throughout this Notice, any reference to
SDs should be construed to include both SDs and
MSPs.
5 An FCM is an entity that solicits or accepts
orders to buy or sell futures contracts, options on
futures, retail off-exchange forex contracts or swaps,
and accepts money or other assets from customers
to support such orders. See 7 U.S.C. 1a(28); 17 CFR
1.3.
6 7 U.S.C. 6s(j).
7 7 U.S.C. 6s(j)(2).
8 7 U.S.C. 6s(j)(7).
9 17 CFR 23.600.
10 Swap Dealer and Major Swap Participant
Recordkeeping, Reporting, and Duties Rules;
Futures Commission Merchant and Introducing
Broker Conflicts of Interest Rules; and Chief
Compliance Officer Rules for Swap Dealers, Major
Swap Participants, and Futures Commission
Merchants, 77 FR 20128 (Apr. 3, 2012) (2012 SD
Risk Management Final Rule). For additional
background, see the related notice of proposed
rulemaking: Regulations Establishing and
Governing the Duties of Swap Dealers and Major
Swap Participants, 75 FR 71397 (Nov. 23, 2010).
PO 00000
Frm 00006
Fmt 4702
Sfmt 4702
45827
Following two FCM insolvencies
involving the misuse of customer funds
in 2011 and 2012, the Commission
proposed and adopted a series of
regulatory amendments designed to
enhance the protection of customers and
customer funds held by FCMs.11 The
Commission adopted Regulation 1.11 in
2013 to establish risk management
requirements for those FCMs that accept
customer funds. Regulation 1.11 is
largely aligned with the SD risk
management requirements in Regulation
23.600 (together with Regulation 1.11,
the RMP Regulations).12 The
Commission concluded at that time that
it could mitigate the risks of misconduct
and an FCM’s failure to maintain
required funds in segregation 13 with
more robust risk management systems
and controls.14
The Commission is issuing this
ANPRM for several reasons. After
Regulation 23.600 was initially adopted
in 2012, the Commission received a
number of questions from SDs
concerning compliance with these
requirements, particularly those
concerning governance (for example,
questions regarding who is properly
designated as ‘‘senior management,’’ as
well as issues relating to the reporting
lines within the risk management
unit).15 The intervening decade of
examination findings and ongoing
requests for staff guidance from SDs
with respect to Regulation 23.600
warrant consideration of the
Commission’s rules and additional
public discourse on this topic.
The Commission has further
identified the enumerated areas of risk
that RMPs are required to take into
account, and the quarterly risk exposure
reports (RERs), as other areas of
potential confusion and inconsistency
11 Enhancing Protections Afforded Customers and
Customer Funds Held by Futures Commission
Merchants and Derivatives Clearing Organizations,
77 FR 67866 (Nov. 14, 2012) (FCM Customer
Protection Proposed Rule); Enhancing Protections
Afforded Customers and Customer Funds Held by
Futures Commission Merchants and Derivatives
Clearing Organizations, 78 FR 68506 (Nov. 14,
2013) (FCM Customer Protection Final Rule).
12 17 CFR 1.11; FCM Customer Protection Final
Rule.
13 The statutory requirement for FCMs to
segregate customer funds from their own funds is
a fundamental cornerstone of customer protection.
FCM Customer Protection Final Rule, 78 FR at
68506 (‘‘The protection of customers—and the
safeguarding of money, securities or other property
deposited by customers with an FCM—is a
fundamental component of the Commission’s
disclosure and financial responsibility
framework.’’).
14 Id. at 68509.
15 Some SDs expressed confusion to Commission
staff regarding the reporting line requirements and
the regulatory definitions of ‘‘governing body’’ and
‘‘senior management.’’
E:\FR\FM\18JYP1.SGM
18JYP1
45828
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
in the RMP Regulations for SDs and
FCMs. Commission staff has observed
significant variance among SD and FCM
RERs with respect to how they define
and report on the enumerated areas of
risk (e.g., market risk, credit risk,
liquidity risk, etc.), making it difficult
for the Commission to gain a clear
understanding of how specific risk
exposures are being monitored and
managed by individual SDs and FCMs
over time, as well as across SDs and
FCMs during a specified time period.
Furthermore, the Commission’s
implementation experiences and certain
market events over the last decade
indicate that it may be appropriate to
consider whether to include additional
enumerated areas of risk in the RMP
Regulations.
The Commission has observed
inefficiencies with respect to the RER
requirements in the RMP Regulations.
Currently, Regulations 23.600(c)(2) and
1.11(e)(2) 16 prescribe neither the format
of the RER nor its exact filing
schedule.17 As a result, the Commission
frequently receives RERs in inconsistent
formats containing stale information, in
some cases data that is at least 90 days
out-of-date. Furthermore, a number of
SDs have indicated that the quarterly
RERs are not relied upon for their
internal risk management purposes, but
rather, they are created solely to comply
with Regulation 23.600, indicating to
the Commission that additional
consideration of the RER requirement is
warranted.
Finally, the Commission also reminds
SDs and FCMs that their RMPs may
require periodic updates to reflect and
keep pace with technological
innovations that have developed or
evolved since the Commission first
promulgated the RMP Regulations.18
The Commission is seeking information
regarding any risk areas that may exist
in the RMP Regulations that the
Commission should consider with
respect to notable product or
technological developments.
16 17
CFR 23.600(c)(2); 17 CFR 1.11(e)(2).
timeline for filing quarterly RERs with the
Commission is tied to when such reports are given
to SDs’ and FCMs’ senior management. Regulations
23.600(c)(2) and 1.11(e)(2) do not prescribe how
soon after a quarter-end an SD or FCM must provide
its RER to senior management or the format in
which the SD or FCM must submit the information
required in the RER to the Commission. Id.
18 Since the adoption of the RMP Regulations,
some SDs and FCMs have engaged in novel product
offerings, such as derivatives on certain digital
assets, have increased their facilitation of electronic
and automated trading, and have incorporated into
their operations the use of recent technological
developments, including cloud-based storage and
computing, and possibly artificial intelligence and
machine learning technologies.
ddrumheller on DSK120RN23PROD with PROPOSALS1
17 The
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
Therefore, the Commission is issuing
this Notice to seek industry and public
comment on these aforementioned
specific aspects of the existing RMP
Regulations, as discussed further below.
II. Questions and Request for Comment
In responding to each of the following
questions, please provide a detailed
response, including the rationale for
such response, cost and benefit
considerations, and relevant supporting
information. The Commission
encourages commenters to include the
subsection title and the assigned
number of the specific request for
information in their submitted
responses to facilitate the review of
public comments by Commission staff.
A. Risk Management Program
Governance
Regulations 23.600(a) and (b) set out
the parameters by which an SD must
structure and govern its RMPs.
Regulation 23.600(a) sets forth certain
definitions, including ‘‘business trading
unit,’’ 19 ‘‘governing body,’’ 20 and
‘‘senior management,’’ 21 whereas
Regulation 23.600(b) requires an SD to
memorialize its RMP through written
policies and procedures, which the SD’s
governing body must approve.22
Regulation 23.600(b) further requires an
SD to create a risk management unit
(RMU) that: (1) is charged with carrying
out the SD’s RMP; (2) has sufficient
authority, qualified personnel, and
resources to carry out the RMP; (3)
reports directly to senior management;
and (4) is independent from the
business trading unit.23
Similar to Regulation 23.600,
Regulation 1.11 contains specific
requirements with respect to the risk
19 ‘‘Business trading unit’’ is defined as, any
department, division, group, or personnel of a swap
dealer or major swap participant or any of its
affiliates, whether or not identified as such, that
performs, or personnel exercising direct supervisory
authority over the performance of any pricing
(excluding price verification for risk management
purposes), trading, sales, marketing, advertising,
solicitation, structuring, or brokerage activities on
behalf of a registrant. 17 CFR 23.600(a)(2).
20 ‘‘Governing body’’ is defined as, (1) A board of
directors; (2) A body performing a function similar
to a board of directors; (3) Any committee of a board
or body; or (4) The chief executive officer of a
registrant, or any such board, body, committee, or
officer of a division of a registrant, provided that the
registrant’s swaps activities for which registration
with the Commission is required are wholly
contained in a separately identifiable division. 17
CFR 23.600(a)(4).
21 ‘‘Senior management’’ is defined as, with
respect to a registrant, any officer or officers
specifically granted the authority and responsibility
to fulfill the requirements of senior management by
the registrant’s governing body. 17 CFR
23.600(a)(6).
22 17 CFR 23.600(b).
23 17 CFR 23.600(b)(5).
PO 00000
Frm 00007
Fmt 4702
Sfmt 4702
governance structure.24 Regulation
1.11(b) defines ‘‘business unit,’’ 25
‘‘governing body,’’ 26 and ‘‘senior
management,’’ 27 while Regulation
1.11(c) requires the FCM to establish the
RMP through written policies and
procedures, which the FCM’s governing
body must approve.28 Regulation
1.11(d) requires that an FCM establish
and maintain an RMU with sufficient
authority; qualified personnel; and
financial, operational, and other
resources to carry out the RMP, that is
independent from the business unit and
reports directly to senior management.29
The Commission seeks comment
generally on the RMP structure and
related governance requirements
currently found in the RMP Regulations
for SDs and FCMs. In addition,
commenters should seek to address the
following questions:
1. Do the definitions of ‘‘governing
body’’ in the RMP Regulations
encompass the variety of business
structures and entities used by SDs and
FCMs?
a. Should the Commission consider
expanding the definition of ‘‘governing
body’’ in Regulation 23.600(a)(4) to
include other officers in addition to an
SD’s CEO, or other bodies other than an
SD’s board of directors (or body
performing a similar function)?
b. Are there any other amendments to
the ‘‘governing body’’ definition in
24 17
CFR 1.11.
unit’’ is defined as, any department,
division, group, or personnel of a futures
commission merchant or any of its affiliates,
whether or not identified as such that: (i) Engages
in soliciting or in accepting orders for the purchase
or sale of any commodity interest and that, in or
in connection with such solicitation or acceptance
of orders, accepts any money, securities, or property
(or extends credit in lieu thereof) to margin,
guarantee, or secure any trades or contracts that
result or may result therefrom; or (ii) Otherwise
handles segregated funds, including managing,
investing, and overseeing the custody of segregated
funds, or any documentation in connection
therewith, other than for risk management
purposes; and (iii) Any personnel exercising direct
supervisory authority of the performance of the
activities described in paragraph (b)(1)(i) or (ii). 17
CFR 1.11(b)(1)(i)–(iii).
26 ‘‘Governing body’’ is defined as, the proprietor,
if the futures commission merchant is a sole
proprietorship; a general partner, if the futures
commission merchant is a partnership; the board of
directors if the futures commission merchant is a
corporation; the chief executive officer, the chief
financial officer, the manager, the managing
member, or those members vested with the
management authority if the futures commission
merchant is a limited liability company or limited
liability partnership. 17 CFR 1.11(b)(3).
27 ‘‘Senior management’’ is defined as, any officer
or officers specifically granted the authority and
responsibility to fulfill the requirements of senior
management by the governing body. 17 CFR
1.11(b)(5).
28 17 CFR 1.11(c).
29 17 CFR 1.11(d).
25 ‘‘Business
E:\FR\FM\18JYP1.SGM
18JYP1
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
Regulation 23.600(a)(4) that the
Commission should consider?
c. Should similar amendments be
considered for the ‘‘governing body’’
definition applicable to FCMs in
Regulation 1.11(b)(3)?
2. Should the Commission consider
amending the definitions of ‘‘senior
management’’ in the RMP Regulations?
Are there specific roles or functions
within an SD or FCM that the
Commission should consider including
in the RMP Regulations’ ‘‘senior
management’’ definitions?
3. Should the RMP Regulations
specifically address or discuss reporting
lines within an SD’s or FCM’s RMU?
4. Should the Commission propose
and adopt standards for the
qualifications 30 of certain RMU
personnel (e.g., model validators)? 31
5. Should the RMP Regulations
further clarify RMU independence and/
or freedom from undue influence, other
than the existing general requirement
that the RMU be independent of the
business unit or business trading
unit? 32
6. Are there other regulatory regimes
the Commission should consider in a
holistic review of the RMP Regulations?
For instance, should the Commission
consider harmonizing the RMP
Regulations with the risk management
regimes of prudential regulators? 33
7. Are there other portions of the RMP
Regulations concerning governance that
are not addressed above that the
Commission should consider changing?
Please explain.
ddrumheller on DSK120RN23PROD with PROPOSALS1
B. Enumerated Risks in the Risk
Management Program Regulations
The RMP Regulations specify certain
enumerated risks that SDs’ and FCMs’
RMPs must consider. Specifically,
Regulation 23.600(c)(1)(i) identifies
specific areas of enumerated risk that an
SD’s RMP must take into account:
market risk, credit risk, liquidity risk,
foreign currency risk, legal risk,
30 This could include, for example, prior risk
management experience.
31 Regulations 23.600(b)(5) and 1.11(d) require
SDs and FCMs to establish and maintain RMUs
with ‘‘qualified personnel.’’ 17 CFR 23.600(b)(5); 17
CFR 1.11(d).
32 See 17 CFR 23.600(b)(5). This concept relates
to the fact that an RMU may be wholly
‘‘independent’’ from the business unit or business
trading unit in terms of physical location and
reporting lines, but that does not necessarily equate
to freedom from undue influence. For example,
during model validation activities, an SD’s business
trading unit, whose staff created the model, may try
to improperly influence the RMU’s model reviewer
employees, who are undertaking an independent
assessment of it.
33 See 7 U.S.C. 1a(39) (defining the term
‘‘prudential regulator’’). Non-U.S. SDs may also be
subject to prudential supervision by regulatory
authorities in their home jurisdiction.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
operational risk, and settlement risk.34
Though not identical, Regulation
1.11(e)(1)(i) similarly lists specific areas
of enumerated risk that an FCM’s RMP
must take into account: market risk,
credit risk, liquidity risk, foreign
currency risk, legal risk, operational
risk, settlement risk, segregation risk,
technological risk, and capital risk.35
Regulation 23.600(c)(4) requires that
an SD’s RMP include, but not be limited
to, policies and procedures necessary to
monitor and manage all of the risks
enumerated in Regulation
23.600(c)(1)(i), as well as requiring that
the policies and procedures for each
such risk take into account specific risk
management considerations.36 In
contrast, Regulation 1.11(e)(3) requires
that an FCM’s RMP include, but not be
limited to, policies and procedures that
monitor and manage segregation risk,
operational risk, and capital risk, along
with enumerating specific risk
management considerations that are
required to be included and/or
addressed in the policies and
procedures for these risks.37 Unlike
Regulation 23.600(c)(4), Regulation
1.11(e)(3) does not explicitly require
policies and procedures, or enumerate
attendant specific risk considerations,
for all of the types of risk that must be
taken into account by an FCM’s RMP
pursuant to Regulation 1.11(e)(1)(i),
focusing instead on segregation,
operational, and capital risks.
The Commission requests comment
on SDs’ and FCMs’ enumerated risks
generally, including: (a) whether
specific risk considerations that must be
taken into account with respect to
certain enumerated risks should be
amended; (b) whether definitions
should be added for each enumerated
risk; and finally, (c) whether the
Commission should enumerate and
define any additional types of risk in the
RMP Regulations. In particular:
1. Should the Commission amend
Regulation 1.11(e)(3) to require that
FCMs’ RMPs include, but not be limited
to, policies and procedures necessary to
monitor and manage all of the
enumerated risks identified in
Regulation 1.11(e)(1) that an FCM’s
RMP is required to take into account,
not just segregation, operational, or
capital risk (i.e., market risk, credit risk,
liquidity risk, foreign currency risk,
legal risk, settlement risk, and
technological risk)? If so, should the
Commission adopt specific risk
management considerations for each
PO 00000
34 17
CFR 23.600(c)(1).
CFR 1.11(e)(1)(i).
36 17 CFR 23.600(c)(4).
37 17 CFR 1.11(e)(3).
35 17
Frm 00008
Fmt 4702
Sfmt 4702
45829
enumerated risk, similar to those
described in Regulation 23.600(c)(4)?
2. Regulation 23.600(c)(4)(i) requires
SDs to establish policies and procedures
necessary to monitor and manage
market risk.38 These policies and
procedures must consider, among other
things, ‘‘timely and reliable valuation
data derived from, or verified by,
sources that are independent of the
business trading unit, and if derived
from pricing models, that the models
have been independently validated by
qualified, independent external or
internal persons.’’ 39
a. Does this validation requirement in
Regulation 23.600(c)(4)(i)(B) warrant
clarification?
b. Should validation, as it is currently
required in Regulation 23.600(c)(4)(i)(B),
align more closely with the validation of
margin models discussed in Regulation
23.154(b)(5)? 40
3. The policies and procedures
mandated by Regulations 23.600(c)(4)(i)
and (ii) to monitor and manage market
risk and credit risk must take into
account, among other considerations,
daily measurement of market exposure,
including exposure due to unique
product characteristics and volatility of
prices, and daily measurement of
overall credit exposure to comply with
counterparty credit limits.41 To manage
their risk exposures, SDs employ
various financial risk management tools,
including the exchange of initial margin
for uncleared swaps. In that regard, the
Commission has set forth minimum
initial margin requirements for
uncleared swaps,42 which can be
calculated using either a standardized
table or a proprietary risk-based
model.43 An SD’s risk exposures to
certain products and underlying asset
classes may, however, warrant the
collection and posting of initial margin
above the minimum regulatory
requirements set forth in the
standardized table. Should the
Commission expand the specific risk
management considerations listed in
Regulations 23.600(c)(4)(i)–(ii) to add
38 17
CFR 23.600(c)(4)(i).
CFR 23.600(c)(4)(i)(B).
40 17 CFR 23.154(b)(5) (outlining the process and
requirements for the control, oversight, and
validation mechanisms for initial margin models).
41 17 CFR 23.600(c)(4)(i)–(ii).
42 17 CFR 23.150–161. In adopting the margin
requirements for uncleared swaps, the Commission
noted that the initial margin amount required under
the rules is a minimum requirement. See Margin
Requirements for Uncleared Swaps for Swap
Dealers and Major Swap Participants, 81 FR 636,
649 (Jan. 6, 2016). This is consistent with CEA
section 4s(e), which directed the Commission to
prescribe by rule or regulation minimum margin
requirements for non-bank SDs. See 7 U.S.C.
6s(e)(2)(B).
43 17 CFR 23.154.
39 17
E:\FR\FM\18JYP1.SGM
18JYP1
ddrumheller on DSK120RN23PROD with PROPOSALS1
45830
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
that an SD’s RMP policies and
procedures designed to manage market
risk and/or credit risk must also take
into account whether the collection or
posting of initial margin above the
minimum regulatory requirements set
forth in the standardized table is
warranted?
4. The RMP Regulations enumerate,
but do not define, the specific risks that
SDs’ and FCMs’ RMPs must take into
account. Should the Commission
consider adding definitions for any or
all of these enumerated risks? If so,
should the enumerated risk definitions
be identical for both SDs and FCMs?
5. The Federal Reserve and Basel III
define ‘‘operational risk’’ as the risk of
loss resulting from inadequate or failed
internal processes, people, and systems
or from external events.44 Would adding
a definition of ‘‘operational risk’’ to the
RMP Regulations that is closely aligned
with this definition increase clarity and/
or efficiencies for SD and FCM risk
management practices, or otherwise be
helpful? Should the Commission
consider identifying specific sub-types
of operational risk for purposes of the
SD and FCM RMP requirements?
6. Technological risk is identified in
Regulation 1.11(e)(1)(i) as a type of risk
that an FCM’s RMP must take into
account; however, technological risk is
not similarly included in Regulation
23.600(c)(1)(i) as an enumerated risk
that an SD’s RMP must address. Should
the Commission amend Regulation
23.600(c)(1)(i) to add technological risk
as a type of risk that SDs’ RMPs must
take into account?
a. Should technological risk, if added
for SDs, be identified as a specific risk
consideration within operational risk, as
described by Regulation 23.600(c)(4)(vi),
or should it be a standalone,
independently enumerated area of risk?
b. If technological risk is added as its
own enumerated area of risk, what risk
considerations should an SD’s RMP
policies and procedures address, as
required by Regulation 23.600(c)(4)?
c. Relatedly, although technological
risk is included in the various types of
risk that an FCM’s RMP must take into
account, no specific risk considerations
for technological risk are further
outlined in Regulation 1.11(e)(3).45
What, if any, specific risk
considerations for technological risk
should be added to Regulation
1.11(e)(3)? Should the Commission
44 12 CFR 217.101(b); Basel Committee on
Banking Supervision, ‘‘Calculation of RWA for
Operational Risk’’ (Dec. 2019), available at https://
www.bis.org/basel_framework/chapter/OPE/
10.htm?inforce=20191215&published=20191215.
45 See 17 CFR 1.11(e)(1)(i); cf. 17 CFR
1.11(e)(3)(i)–(iii).
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
categorize any additional specific risk
considerations for technological risk as
a subset of the existing ‘‘operational
risk’’ considerations in Regulation
1.11(e)(3)(ii), or should ‘‘technological
risk’’ have its own independent category
of specific risk considerations in
Regulation 1.11(e)(3)?
d. Should the Commission define
‘‘technological risk’’ in the RMP
Regulations? For example, Canada’s
Office of the Superintendent of
Financial Institutions (OSFI) defines
‘‘technology risk’’ as ‘‘the risk arising
from the inadequacy, disruption,
destruction, failure, damage from
unauthorized access, modifications, or
malicious use of information technology
assets, people or processes that enable
and support business needs and can
result in financial loss and/or
reputational damage.’’ 46 If the
Commission were to add a definition of
‘‘technological risk’’ to the RMP
Regulations, should it be identical or
similar to that recently finalized by
OSFI? 47 If not, how should it otherwise
be defined? Should the Commission
consider different definitions of
‘‘technological risk’’ for SDs and FCMs?
Should the Commission consider
providing examples of ‘‘information
technology assets’’ to incorporate risks
that may arise from the use of certain
emerging technologies, such as artificial
intelligence and machine learning
technology, distributed ledger
technologies (e.g., blockchains), digital
asset and smart contract-related
applications, and algorithmic and other
model-based technology applications?
7. Are there any other types of risk
that the Commission should consider
enumerating in the RMP Regulations as
risks required to be monitored and
managed by SDs’ and FCMs’ RMPs?
Geopolitical risk? Environmental, social
and governance (ESG) risk? Climaterelated financial risk, including physical
46 See OSFI Guideline B–13, Technology and
Cyber Risk Management (July 2022), available at
https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/
gl-ld/Pages/b13.aspx. The final Guideline B–13 will
be effective as of January 1, 2024.
47 The prudential regulators and the Securities
and Exchange Commission (SEC) have not yet
proposed or adopted definitions of ‘‘technological
risk.’’ Accordingly, Commission staff turned to nonU.S. financial regulators for potential definitions of
this term. Canada’s OSFI recently finalized its
definition of ‘‘technology risk,’’ following extensive
engagement with industry and the public that
included the September 2020 publication of its
discussion paper and a consultation period from
September to December 2020; the issuance of
proposed guidance in November 2021; and further
consultation on its proposed guidance from
November 2021 to February 2022. See OSFI
Releases New Guideline for Technology and Cyber
Risk, Balancing Innovation with Risk Management
(July 13, 2022), available at https://www.osfibsif.gc.ca/Eng/osfi-bsif/med/Pages/b13-nr.aspx.
PO 00000
Frm 00009
Fmt 4702
Sfmt 4702
risk and transition risk such as the
energy transition? Reputational risk?
Funding risk? Collateral risk?
Concentration risk? Model risk?
Cybersecurity risk? Regulatory and
compliance risk arising from conduct in
foreign jurisdictions? Contagion risk?
a. Should these potential new risks be
defined in the RMP Regulations?
b. With respect to each newly
suggested enumerated risk, what, if any,
specific risk considerations should an
SD’s or FCM’s RMP policies and
procedures be required to include?
c. Are there international standards
for risk management with which the
Commission should consider aligning
the RMP Regulations?
C. Periodic Risk Exposure Reporting by
Swap Dealers and Futures Commission
Merchants
In accordance with Regulation
23.600(c)(2), an SD must provide to its
senior management and governing body
a quarterly RER containing specific
information on the SD’s risk exposures
and the current state of its RMP; the
RER shall also be provided to the SD’s
senior management and governing body
immediately upon the detection of any
material change in the risk exposure of
the SD.48 SDs are required to furnish
copies of all RERs to the Commission
within five (5) business days of
providing such RERs on a quarterly
basis to their senior management.49
Likewise, Regulation 1.11(e)(2) has an
identical RER requirement for FCMs.50
This Notice seeks comment generally
on how the current RER regime for SDs
and FCMs could be improved, as well
as specific responses to the questions
listed below:
1. At what frequency should the
Commission require SDs and FCMs to
furnish copies of their RERs to the
Commission?
2. Should the Commission consider
changing the RER filing requirements to
require filing with the Commission by a
certain day (e.g., a week, month, or
other specific timeframe after the
quarter-end), rather than tying the filing
requirement to when the RER is
furnished to senior management?
3. Should the Commission consider
harmonizing or aligning, in whole or in
part, the RER content requirements in
48 17 CFR 23.600(c)(2). SD RERs shall set forth the
market, credit, liquidity, foreign currency, legal,
operational, settlement, and any other applicable
risk exposures of the SD; any recommended or
completed changes to the RMP; the recommended
time frame for implementing recommended
changes; and the status of any incomplete
implementation of previously recommended
changes to the RMP. Id.
49 17 CFR 23.600(c)(2)(ii).
50 17 CFR 1.11(e)(2).
E:\FR\FM\18JYP1.SGM
18JYP1
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
ddrumheller on DSK120RN23PROD with PROPOSALS1
the RMP Regulations with those of the
National Futures Association (NFA)’s
SD monthly risk data filings? 51
a. If so, should the Commission
consider any changes or additions to the
data metrics currently collected by NFA
as could be required in the RMP
Regulations?
b. For FCMs who are not currently
required to file monthly risk data filings
with NFA, were the Commission to
adopt a monthly risk exposure reporting
requirement, are there different risk data
metrics for FCMs that it should consider
including? If so, what are they?
4. Are there additional SD or FCMspecific data metrics or risk
management issues that the Commission
should consider adding to the content
requirements of the RER?
5. Should the Commission consider
prescribing the format of the RERs? For
instance, should the Commission
consider requiring the RER to be a
template or form that SDs and FCMs fill
out?
6. In furtherance of the RER filing
requirement, should the Commission
consider allowing SDs and FCMs to
furnish to the Commission the internal
risk reporting they already create,
maintain, and/or use for their risk
management program?
a. If so, how often should these
reports be required to be filed with the
Commission?
b. If the Commission allowed an SD
or FCM to provide the Commission with
its own risk reporting, should the
Commission prescribe certain minimum
content and/or format requirements?
7. Should the Commission consider
prescribing the standard SDs and FCMs
use when determining whether they
have experienced a material change in
risk exposure, pursuant to Regulations
23.600(c)(2)(i) and 1.11(e)(2)(i)?
Alternatively, should the Commission
continue to allow SDs and FCMs to use
their own internally-developed
standards for determining when such a
material change in risk exposure has
occurred?
8. Should the Commission clarify the
requirements in Regulations
23.600(c)(2)(i) and 1.11(e)(2)(i) that
51 SDs must report certain metrics related to
market and credit risk, including Value at Risk
(VaR) for interest rates, credit, forex, equities,
commodities, and total VaR; total stressed VaR;
interest rate sensitivity by tenor bucket; credit
spread sensitivity; forex market sensitivities;
commodity market sensitivities; total swaps current
exposure before collateral; total swaps current
exposure net of collateral; total credit valuation
adjustment or expected credit loss; and largest
swaps counterparty current exposures. See NFA,
Notice I–17–10: Monthly Risk Data Reporting
Requirements for Swap Dealers (May 30, 2017),
available at https://www.nfa.futures.org/news/
newsNotice.asp?ArticleID=4817.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
RERs shall be provided to the senior
management and the governing body
immediately upon detection of any
material change in the risk exposure of
the SD or FCM?
9. Should the Commission consider
setting a deadline for when an SD or
FCM must notify the Commission of any
material changes in risk exposure? If so,
what should be the deadline?
10. Should the Commission consider
additional governance requirements in
connection with the provision of the
quarterly RER to the senior management
and the governing body of a SD, or of
an FCM, respectively?
11. Should the Commission require
the RERs to report on risk at the
registrant level, the enterprise level (in
cases where the registrant is a
subsidiary of, affiliated with, or
guaranteed by a corporate family), or
both? What data metrics are relevant for
each level?
12. Should the Commission require
that RERs contain information related to
any breach of risk tolerance limits
described in Regulations 23.600(c)(1)(i)
and 1.11(e)(1)(i)? Alternatively, should
the Commission require prompt notice,
outside of the RER requirement, of any
breaches of the risk tolerance limits that
were approved by an SD’s or FCM’s
senior management and governing
body? Should there be a materiality
standard for inclusion of breaches in
RERs or requiring notice to the
Commission?
13. Should the Commission require
that RERs contain information related to
material violations of the RMP policies
or procedures required in Regulations
23.600(b)(1) and 1.11(c)(1)?
14. Should the Commission require
that RERs additionally discuss any
known issues, defects, or gaps in the
risk management controls that SDs and
FCMs employ to monitor and manage
the specific risk considerations under
Regulations 23.600(c)(4) and 1.11(e)(3),
as well as including a discussion of
their progress toward mitigation and
remediation?
D. Other Areas of Risk
Recent market, credit, operational,
and geopolitical events have highlighted
the critical importance of risk
management and the need to
periodically review risk management
practices. Therefore, the Commission is
interested in feedback and comment on
other RMP-related topics, specifically:
(1) the segregation of customer funds
and safeguarding of counterparty
collateral, and (2) risks posed by
affiliates, lines of business, and other
trading activity. The Commission
continues to have confidence in its
PO 00000
Frm 00010
Fmt 4702
Sfmt 4702
45831
regulations governing the segregation of
customer funds in traditional
derivatives markets. The questions
below are intended to assist the
Commission in its ongoing evaluation of
whether and how RMP regulations and
practices at FCMs and SDs adequately
and comprehensively address risks
arising from new or evolving market
structures, products, and registrants.
a. Potential Risks Related to the
Segregation of Customer Funds and
Safeguarding Counterparty Collateral
The segregation of customer funds
and safeguarding of counterparty
collateral are cornerstones of the
Commission’s FCM and SD regulatory
regimes, respectively. Currently, the
existing RMP Regulations address the
management of segregation risk and the
safeguarding of counterparty collateral
in different ways, given the differing
business models between FCMs and
SDs. Regulation 1.11(e)(3)(i) requires an
FCM’s RMP to include written policies
and procedures reasonably designed to
ensure segregated funds are separately
accounted for and segregated or secured
as belonging to customers.52 This
requirement further lists several subjects
that must, ‘‘at a minimum,’’ be
addressed by an FCM’s RMP policies
and procedures, including the
evaluation and monitoring process for
approved depositories, the treatment of
related residual interest, transfers, and
withdrawals, and permissible
investments.
Although Regulation 23.600(c)(6) of
the SD RMP Regulations requires
compliance with all capital and margin
requirements, Regulation 23.600 does
not explicitly require an SD’s RMP to
include written policies and procedures
to safeguard counterparty collateral.
Rather, the Commission chose to adopt
Regulations 23.701 through 23.703 for
the purpose of establishing a separate
framework for the elected segregation of
assets held as collateral in uncleared
swap transactions.53 Additionally, the
Commission requires certain initial
margin to be held through custodial
arrangements in accordance with
Regulation 23.157.54
The Commission seeks comment
generally on the risks attendant to the
segregation of customer funds and the
safeguarding of counterparty collateral.
In addition, commenters should seek to
address the following questions:
1. Do the current RMP Regulations for
FCMs adequately and comprehensively
require them to identify, monitor, and
52 17
CFR 1.11(e)(3)(i).
CFR 23.701–23.703.
54 17 CFR 23.157.
53 17
E:\FR\FM\18JYP1.SGM
18JYP1
45832
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
ddrumheller on DSK120RN23PROD with PROPOSALS1
manage the risks associated with the
segregation of customer funds and the
protection of customer property? Are
there other Commission regulations that
address these risks for FCMs?
2. Currently, the Commission
understands that no FCM holds
customer property in the form of virtual
currencies or other digital assets such as
stablecoins. To the extent that FCMs
may consider engaging in this activity in
the future, would the current RMP
Regulations for FCMs adequately and
comprehensively require them to
identify, monitor, and manage the risks
associated with that activity, including
custody with a third-party entity?
3. Do the current RMP Regulations for
SDs adequately and comprehensively
require them to identify, monitor, and
manage all of the risks associated with
the collection, posting, and custody of
counterparty collateral and the
protection of such assets? Are there any
other risks that should be addressed by
the RMP Regulations for SDs related to
the collection, posting, and custody of
counterparty collateral?
4. Do the Commission’s RMP
Regulations adequately address risks to
customer funds or counterparty
collateral that may be associated with
SDs and FCMs that have multiple
business lines and registrations?
Although the Commission understands
that SDs and FCMs currently engage in
limited activities with respect to digital
assets, should the Commission consider
additional RMP requirements applicable
to SDs and FCMs that are or may
become involved in, or affiliated with,
the provision of digital asset financial
services or products (e.g., digital asset
lending arrangements or derivatives)?
b. Potential Risks Posed by Affiliates,
Lines of Business, and All Other
Trading Activity
In light of increasing market volatility
and recent market disruptions, as well
as the growth of digital asset markets,
the Commission generally seeks
comment on the risks posed by SDs’ and
FCMs’ affiliates and related trading
activity. Generally, the RMP Regulations
require SD and FCM RMPs to take into
account risks posed by affiliates and
related trading activity. Specifically,
Regulation 23.600(c)(1)(ii) requires an
SD’s RMP to take into account ‘‘risks
posed by affiliates’’ with the RMP
integrated into risk management
functions at the ‘‘consolidated entity
level.’’ 55 Similarly, Regulation
1.11(e)(1)(ii) requires an FCM’s RMP to
take into account risks posed by
affiliates, all lines of business of the
FCM, and all other trading activity
engaged in by the FCM.’’ 56
Some SDs and FCMs are subject to
regulatory requirements designed to
mitigate certain risks arising from
certain affiliate activities. For example,
SDs and FCMs that are affiliates or
subsidiaries of a banking entity may
have to comply with certain restrictions
and requirements on inter-affiliate
activities. Further, those SDs and FCMs
that are subject to the Volcker Rule,
codified and implemented in part 75 of
the Commission’s regulations, and
incorporated into other requirements,
such as Regulation 3.3, are subject to the
Volcker Rule’s risk management
program and compliance program
requirements.57
The Commission seeks comment
generally on the requirements related to
risks posed by affiliates and related
trading activity found within the RMP
Regulations for SDs and FCMs,
including non-bank affiliated SDs or
non-bank affiliated FCMs. In addition,
commenters should seek to address the
following questions:
1. What risks do affiliates (including,
but not limited to, parents and
subsidiaries) pose to SDs and FCMs?
Are there risks posed by an affiliate
trading in physical commodity markets,
trading in digital asset markets, or
relying on affiliated parties to meet
regulatory requirements or obligations?
Are there contagion risks posed by the
credit exposures of affiliates? Are there
risks posed by other lines of business of
an SD, or of an FCM, respectively, that
are not adequately or comprehensively
addressed by the Commission’s
regulations, including, as applicable, the
Volcker Rule regulations found in 17
CFR part 75?
2. Do the current RMP Regulations
adequately and comprehensively
address the risks associated with the
activities of affiliates (whether such
affiliates are unregulated, less regulated,
or subject to alternative regulatory
regimes), or of other lines of business,
of an SD or of an FCM, respectively, that
could affect SD or FCM operations?
Alternatively, to what extent are the
risks posed by affiliates discussed in
this section adequately addressed
through other regulatory requirements
(for example, the Volcker Rule or other
prudential regulations, or applicable
non-U.S. laws, regulations, or
standards)?
3. Should the Commission further
expand on how SD and FCM RMPs
should address risks posed by affiliates
in the RMP Regulations, including any
56 17
55 17
CFR 23.600(c)(1)(ii).
VerDate Sep<11>2014
18:21 Jul 17, 2023
57 17
Jkt 259001
PO 00000
CFR 1.11(e)(1)(ii).
CFR part 75; 17 CFR 3.3.
Frm 00011
Fmt 4702
Sfmt 4702
specific risks? Should the Commission
consider enumerating any specific risks
posed by affiliates or related trading
activities within the RMP Regulations,
either as a separate enumerated risk, or
as a subset of an existing enumerated
area of risk (e.g., operational risk, credit
risk, etc.)?
Issued in Washington, DC, on July 12,
2023, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.
Note: The following appendices will not
appear in the Code of Federal Regulations.
Appendices to Risk Management
Program Regulations for Swap Dealers,
Major Swap Participants, and Futures
Commission Merchants—Voting
Summary and Chairman’s and
Commissioners’ Statements
Appendix 1—Voting Summary
On this matter, Chairman Behnam and
Commissioners Johnson, Goldsmith Romero,
Mersinger, and Pham voted in the
affirmative. No Commissioner voted in the
negative.
Appendix 2—Statement of Chairman
Rostin Behnam
I appreciate all of the Market Participants
Division staff’s hard work on this proposal.
I look forward to the public’s thoughtful
comments on the proposal to inform a
potential future rulemaking or guidance for
the Commission’s risk management program
regulations for swap dealers and futures
commission merchants.
Appendix 3—Statement of
Commissioner Christy Goldsmith
Romero on Advance Notice of Proposed
Rulemaking on Risk Management
Program Regulations
Management of existing, evolving, and
emerging risk is paramount to the financial
stability of the United States and global
markets. This is evidenced by the recent bank
failures, followed by subsequent government
action taken out of regulatory concern over
possible contagion effect to other banks and
broader economic spillover.1 Federal Reserve
Board Vice Chair Michael Barr recently
testified before the Senate at a hearing on the
bank failures, ‘‘the events of the last few
weeks raise questions about evolving risks
and what more can and should be done so
that isolated banking problems do not
1 See Statement of Martin J. Gruenberg, Chairman
Federal Deposit Insurance Corporation Chair on
‘‘Recent Bank Failures and the Federal Regulatory
Response’’ before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Gruenberg%20Testimony%203-28-23.pdf; see
also Hearing on Recent Bank Failures and the
Federal Regulatory Response, United States Senate
Committee on Banking, Housing, and Urban Affairs
(Mar. 28, 2023) https://www.banking.senate.gov/
hearings/recent-bank-failures-and-the-federalregulatory-response.
E:\FR\FM\18JYP1.SGM
18JYP1
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
ddrumheller on DSK120RN23PROD with PROPOSALS1
undermine confidence in healthy banks and
threaten the stability of the banking system
as a whole.’’ 2
Sound risk management is particularly
crucial for CFTC-registered swap dealers, the
majority of which are global systemically
important banks on Wall Street (or their
affiliates) or other prudentially-regulated
banks. If there was any one issue at the center
of the 2008 financial crisis, it was the failure
of risk management by Wall Street. The
Dodd-Frank Wall Street Reform and
Consumer Protection Act required these
dealers to establish and maintain risk
management programs. The Commission
implemented its risk management
requirements for swap dealers in 2012. Then
in 2013, the Commission required that
brokers in the derivatives markets, known as
futures commission merchants (‘‘FCMs’’),
establish and maintain risk management
programs after two brokers, MF Global and
Peregrine Financial, misused customer funds
and collapsed from a combination of hidden
risks and fraud.3
Re-evaluating our risk management rules is
responsible and necessary to keep pace with
evolving markets that can give rise to
emerging risk. The last three years presented
unprecedented risk. The pandemic, its
lingering supply chain disruptions, Russia’s
war against Ukraine, climate disasters that
proved to be the most-costly three years on
record, a spike in ransomware and other
cyber attacks (including on ION Markets and
Colonial Pipeline), and increasing geopolitical tensions involving the U.S. and
China, have emerged as often interrelated
areas of significant risk. Additionally, as
Chairman of the Federal Deposit Insurance
Corporation (‘‘FDIC’’), Martin Gruenberg
testified before the Senate, ‘‘the financial
system continues to face significant
downside risks from the effects of inflation,
rising market interest rates, and continuing
geopolitical uncertainties.’’ 4
Evolving technologies like digital assets,
artificial intelligence, and cloud services,
also have emerged as areas that can carry
significant risk.5 Vice Chair Barr testified
before the Senate, ‘‘recent events have shown
that we must evolve our understanding of
2 Statement of Michael S. Barr, Vice Chair for
Supervision, Board of Governors of the Federal
Reserve System before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Barr%20Testimony%203-28-231.pdf.
3 This dovetailed with Commission requirements
that brokers segregate customer assets from
company assets and house accounts.
4 See Statement of Martin J. Gruenberg, Chairman
Federal Deposit Insurance Corporation Chair on
‘‘Recent Bank Failures and the Federal Regulatory
Response’’ before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Gruenberg%20Testimony%203-28-23.pdf.
5 See Commissioner Christy Goldsmith Romero,
Opening Remarks at the Technology Advisory
Committee on DeFi, Responsible Artificial
Intelligence, Cloud Technology & Cyber Resilience
(Mar. 22, 2023), https://www.cftc.gov/PressRoom/
SpeechesTestimony/romerostatement032223; see
also Department of Treasury, The Financial
Services Sector’s Adoption of Cloud Services (Feb.
8, 2023), https://home.treasury.gov/news/pressreleases/jy1252.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
banking in light of changing technologies and
emerging risks. To that end, we are analyzing
what recent events have taught us about
banking, customer behavior, social media,
concentrated and novel business models,
rapid growth, deposit runs, interest rate risk,
and other factors, and we are considering the
implications for how we should be regulating
and supervising our financial institutions.
And for how we think about financial
stability.’’ 6
The Commission should ensure that our
risk management frameworks for banks and
brokers reflect and keep pace with the
significant evolution of financial stability
risk. It is equally important for the
Commission to be forward-looking to ensure
that our risk management frameworks
capture future risk as it could evolve or
emerge.7 The Commission is considering
whether to enumerate specific areas of risk
that banks and brokers would be required to
address. This could include for example,
geopolitical risk, cybersecurity risk, climaterelated financial risk or contagion risk.
The Commission seeks public comment in
its reassessment of its risk management
frameworks. I am particularly interested in
comment on the following areas: (1)
Technology Risk; (2) Cyber Risk; (3) Affiliate
Risk; (4) Risk related to segregating customer
funds and safeguarding counterparty
collateral; and (5) Climate-Related Financial
Risk.
Technology Risk
Risk has emerged from the evolution
of technology. Distributed ledger
networks are being used or considered
in certain markets; cloud data storage
and computing has gone mainstream;
and artificial intelligence hold the
power to transform businesses. Many
firms are also integrating, or are
interested in integrating, digital assets
into their businesses, or plan to do so.
All of these emerging or evolving
technologies carry risks.
Digital assets carry risks—something
that has become all too clear in the past
year. Silvergate Bank, which recently
failed, was almost exclusively known
for providing services to digital asset
6 See Statement of Michael S. Barr, Vice Chair for
Supervision, Board of Governors of the Federal
Reserve System before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Barr%20Testimony%203-28-231.pdf (adding
that Silicon Valley Bank ‘‘failed to manage the risks
of its liabilities. These liabilities were largely
composed of deposits from venture capital firms
and the tech sector, which were highly
concentrated and could be volatile.’’)
7 Additionally, CFTC staff have observed
significant variance in how swap dealers and
brokers are defining and reporting on risk areas,
making it difficult for CFTC staff to gain a clear
understanding of how specific risk exposures are
being monitored and managed. Furthermore, some
swap dealers have indicated that they do not rely
on the information in CFTC risk reporting for their
internal risk management. Improving the efficacy of
CFTC requirements for swap dealers’ own risk
management, along with the Commission’s ability
to monitor risk are worthwhile goals.
PO 00000
Frm 00012
Fmt 4702
Sfmt 4702
45833
firms.8 According to FDIC Chairman
Gruenberg, ‘‘Following the collapse of
digital asset exchange FTX in November
2022, Silvergate Bank released a
statement indicating that it had $11.9
billion in digital asset-related deposits,
and that FTX represented less than 10
percent of total deposits in an effort to
explain that its exposure to the digital
asset exchange was limited.
Nevertheless, in the fourth quarter of
2022, Silvergate Bank experienced an
outflow of deposits from digital asset
customers that, combined with the FTX
deposits, resulted in a 68 percent loss in
deposits—from $11.9 billion in deposits
to $3.8 billion. That rapid loss of
deposits caused Silvergate Bank to sell
debt securities to cover deposit
withdrawals, resulting in a net earnings
loss of $1 billion. On March 1, 2023,
Silvergate Bank announced it would be
delaying issuance of its 2022 financial
statements and indicated that recent
events raised concerns about its ability
to operate as a going concern, which
resulted in a steep drop in Silvergate
Bank’s stock price. On March 8, 2023,
Silvergate Bank announced that it
would self-liquidate.’’ 9
Chairman Gruenberg further testified,
‘‘Like Silvergate Bank, Signature Bank
had also focused a significant portion of
its business model on the digital asset
industry. . . . Silvergate Bank operated
a similar platform that was also used by
digital asset firms. . . . In the second
and third quarters of 2022, Signature
Bank, like Silvergate, experienced
deposit withdrawals and a drop in its
stock price as a consequence of
disruptions in the digital asset market
due to failures of several high profile
digital asset companies.’’ 10
These technological advancements,
with their accompanying risks,
necessitate the Commission revisiting
our regulatory oversight, including our
risk management requirements. This is
similar to other regulators revisiting
their oversight in this area. According to
Vice Chair Barr, the Federal Reserve
‘‘recently decided to establish a
dedicated novel activity supervisory
group, with a team of experts focused on
risks of novel activities, which should
help improve oversight of banks like
SVB in the future.’’ 11
8 See Statement of Martin J. Gruenberg, Chairman
Federal Deposit Insurance Corporation Chair on
‘‘Recent Bank Failures and the Federal Regulatory
Response’’ before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Gruenberg%20Testimony%203-28-23.pdf.
9 See Id.
10 See Id.
11 Statement of Michael S. Barr, Vice Chair for
Supervision, Board of Governors of the Federal
E:\FR\FM\18JYP1.SGM
Continued
18JYP1
45834
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
I am interested in comments on how
the Commission should amend its risk
management requirements to ensure
that risks from technology are
adequately identified, monitored,
assessed and managed. I am also
interested in public comment on any
gaps in our risk management regulations
that the Commission should address
regarding technology.
Cyber Risk
I am interested in public comment
about how the Commission should
update its risk management frameworks
to address the growing and increasingly
sophisticated threat of cyber attacks.
The White House’s recent National
Cybersecurity Strategy stated:
ddrumheller on DSK120RN23PROD with PROPOSALS1
Our rapidly evolving world demands a
more intentional, more coordinated, and
more well-resourced approach to cyber
defense. We face a complex threat
environment, with state and non-state actors
developing and executing novel campaigns to
threaten our interests. At the same time, nextgeneration technologies are reaching maturity
at an accelerating pace, creating new
pathways for innovation while increasing
digital interdependencies.12
Global cyber criminals and state-sponsored
efforts can create or leverage a serious
disruption to markets.
I am also interested in comment on how
the Commission should address risk
management related to third party service
providers. As I said in a speech in November,
‘‘Even if financial firms have strong
cybersecurity systems, their cybersecurity is
only as strong as their most vulnerable thirdparty service provider. The threat can
compound where several firms use the same
software or other provider.’’ 13 Subsequently
in February, a third-party service provider
ION Markets suffered a cyber attack that
compromised a number of brokers in the
derivatives market. Treasury Deputy
Assistant Secretary Todd Conklin, a member
of the CFTC Technology Advisory Committee
(‘‘TAC’’) presented at a recent TAC meeting
that ION was not considered by firms to be
a critical vendor.14 Given the severe threat of
Reserve System before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28,
2023) https://www.banking.senate.gov/imo/media/
doc/Barr%20Testimony%203-28-231.pdf.
12 The White House, Fact Sheet: Biden-Harris
Administration Announces National Cybersecurity
Strategy, (Mar. 2, 2023), https://
www.whitehouse.gov/briefing-room/statementsreleases/2023/03/02/fact-sheet-biden-harrisadministration-announces-national-cybersecuritystrategy/.
13 See Commissioner Christy Goldsmith Romero,
U.S. Commodity Futures Trading Commission,
Protecting Against Emerging Global Fintech Threats
in Cyberspace and Cryptocurrencies (Nov. 30,
2022), Keynote Remarks of Commissioner Christy
Goldsmith Romero at the Futures Industry
Association, Asia Derivatives Conference,
Singapore, https://www.cftc.gov/PressRoom/
SpeechesTestimony/oparomero4.
14 See Technology Advisory Committee meeting
(Mar. 22, 2023) Commissioner Goldsmith Romero
Announces Technology Advisory Committee
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
cyber attacks, I am interested in commenters’
views on whether the Commission should
specifically enumerate cyber risk, specifically
include risks associated with third-party
service providers in risk management
frameworks, or include other requirements to
ensure that cyber risk is adequately and
comprehensively identified, assessed, and
managed.
well. Risks can arise from regulated trading
in crypto derivatives. The unregulated spot
markets carry additional risks as seen with
the collapse of FTX, Terra Luna, Celsius and
numerous others that have resulted in
substantial losses. This is in addition to
operational risks and risks associated with
rampant fraud and illicit finance in some
parts of the crypto markets.
Affiliate Risk
I am interested in commenters views on
the questions related to affiliate risks,
especially those related to risks that
unregulated affiliates can pose to regulated
entities. Currently, the Commission’s rules
provide that the risk management
frameworks of banks and brokers shall ‘‘take
into account’’ risks posed by affiliates.
Affiliate risks can take many forms—from
counterparty credit risk to operational risks
to many others. The questions posed in this
ANPRM are designed to flesh out details
about affiliate risks, and whether such risks
are sufficiently identified and adequately
managed.
Understanding affiliate risks is critically
important given lessons learned from the past
and more recent events. For example, AIG
Financial Products (‘‘AIGFP’’) is the poster
child for how risk of a seemingly remote,
unregulated affiliate could undermine the
stability of a large, diversified financial
institution. AIGFP’s damage reached well
beyond its affiliates. AIGFP was a source of
contagion for other market participants,
ultimately spreading risks across Wall Street,
contributing to a global financial crisis and
massive taxpayer bailout. Most recently, the
abrupt collapse of FTX, with its alleged lack
of separation between affiliates as found by
new CEO John Ray, led to a bankruptcy with
more than 130 affiliate debtors, tying up
billions of dollars and more than one million
customers and creditors. Although LedgerX,
a CFTC-regulated FTX affiliate, is not a
debtor in the bankruptcy, the debtors sold
LedgerX as a result.
Existing Commission rules require that
banks’ and brokers’ risk management
programs ‘‘take into account’’ risks related to
lines of business. That could include, for
example, digital asset markets. In January,
before the bank failures, federal bank
regulatory agencies issued a recent joint
statement outlining numerous ‘‘key risks’’
associated with bank involvement in the
crypto-asset sector.15 I am interested in
public comment on those key risks as they
may apply specifically to the CFTC’s
regulated banks and brokers. About half of all
CFTC-registered swap dealers are subject to
some form of oversight by the prudential
regulators.
Many brokers have expressed an interest in
becoming further involved in digital assets as
Risk Related to the Segregation of Customer
Property and Safeguarding Counterparty
Collateral in the Digital Asset Space
Digital assets raise a host of issues about
safeguarding customer property that were not
contemplated at the time of the 2013 risk
management rule or the Commission’s
customer protection rules for brokers to
segregate customer assets from company
assets. For example, brokers may explore
holding customer property in the form of
stablecoins or other digital assets that could
result in unknown and unique risks. These
brokers may be confronted by third-party
custody and other risks that should be
identified and managed. Physical delivery
may also present risk, particularly given the
proliferation of cyber hacks. Application of
the Commission’s segregation rules may also
need to be updated based on future risks
related to digital assets (even risks not
contemplated by the Commission today). I
look forward to commenters’ responses in
this area.
It is necessary for the CFTC to seek public
comment on our risk management framework
in this important area of emerging risk so that
we keep pace with evolution in our markets
and technology. We should not assume that
our existing segregation rules and risk
management framework comprehensively
cover the evolving risks in the markets.16 The
Commission does not have a window into
certain unregulated spaces, such as with
digital assets, which could obscure risks
faced by CFTC-regulated banks or brokers.
Integration of digital assets with banks and
brokers, and the risks that could be posed,
could continue to evolve.
Meeting Agenda That Includes Cybersecurity,
Decentralized Finance, and Artificial Intelligence,
https://www.cftc.gov/PressRoom/Events/
opaeventtac032223.
15 Joint Statement on Crypto-Asset Risks to
Banking Organizations, Board of Governors of the
Federal Reserve System, the Federal Deposit
Insurance Corporation, and the Office of the
Comptroller of the Currency (Jan. 3, 2023), https://
www.federalreserve.gov/newsevents/pressreleases/
files/bcreg20230103a1.pdf.
PO 00000
Frm 00013
Fmt 4702
Sfmt 4702
Climate-Related Financial Risk
Developments in the management of
climate-related financial risk are an
important example of the need for the
Commission to adopt a framework that helps
banks and brokers keep pace with such
emerging risks. When the Climate-Related
Market Risk Subcommittee of our Market
Risk Advisory Committee released its report
in September 2020, it was a ‘‘first-of-its-kind
effort from a U.S. government entity.’’ 17
Since then, other U.S. financial regulators
have not only echoed this
acknowledgment,18 but have moved ahead to
16 The same could be true of swap dealers related
to safeguarding counterparty collateral.
17 CFTC, CFTC’s Climate-Related Market Risk
Subcommittee Releases Report (Sept. 9, 2020),
https://www.cftc.gov/PressRoom/PressReleases/
8234-20.
18 See Financial Stability Oversight Council,
Financial Stability Oversight Council Identifies
Climate Change as an Emerging and Increasing
Threat to Financial Stability (October 21, 2021)
https://home.treasury.gov/news/press-releases/
jy0426.
E:\FR\FM\18JYP1.SGM
18JYP1
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
define the risk management framework that
banks and other regulated entities must adopt
for addressing physical and transition risks
posed by climate change.19 Banks and
brokers need frameworks that let them adapt
to both the increasingly dire projections by
climate scientists about the scope of physical
impacts,20 and to the massive economic
impetus to a transition to a lower carbon
environment created via Congressional
passage of the Inflation Reduction Act, the
Bipartisan Infrastructure Law, and the CHIPS
and Science Act.
In just three years, climate-related financial
risk management has gone from novelty to
necessity. We should develop a framework
that helps banks and brokers remain resilient
to risks like this one, which will continue to
develop for years to come. I have been
advocating for the Commission to enhance its
understanding of how market participants are
managing climate-related financial risk.21 To
that end, over the past year, I have been
working with the National Futures
Association (‘‘NFA’’) on a recently completed
special project to assess how some of its
members are identifying and managing
climate-related financial risk. NFA learned
that some of its members, particularly those
already subject to oversight by U.S. and
foreign banking regulators, are taking steps to
manage both physical and transition risks. I
look forward to hearing from commenters on
how best to adapt our framework to
incorporate these kinds of emerging risks.
ddrumheller on DSK120RN23PROD with PROPOSALS1
Conclusion
Sound risk management by banks (and
other dealers) and brokers at the center of the
U.S. derivatives markets is critical to
financial stability. The stakes are high. These
financial institutions and others take and
carry significant risks that could impact
financial stability. They are on the front lines
of our financial markets, directly engaging
with customers or counterparties. Customers
have billions of dollars entrusted to these
institutions. Market participants depend on
liquidity, clearing and other critical functions
performed by these institutions.
The Commission must fulfill its own
responsibility to ensure that risk management
programs at these institutions address the full
scope of risks to customers, firms and
19 See, e.g., Federal Deposit Insurance
Corporation, FIL–13–2022, Request for Comment on
Statement of Principles for Climate-Related
Financial Risk Management for Large Financial
Institutions (March 30, 2022), https://www.fdic.gov/
news/financial-institution-letters/2022/
fil22013.html.
20 Intergovernmental Panel on Climate Change,
Climate Change 2022: Impacts, Adaptation and
Vulnerability (2022), https://www.ipcc.ch/report/
ar6/wg2/chapter/summary-for-policymakers/.
21 See Commissioner Christy Goldsmith Romero,
U.S. Commodity Futures Trading Commission,
Promoting Market Resilience (Sept. 28, 2022),
Statement of Commissioner Christy Goldsmith
Romero before the Market Risk Advisory
Committee, https://www.cftc.gov/PressRoom/
SpeechesTestimony/romerostatement092822;
Statement of CFTC Commissioner Christy
Goldsmith Romero In Support of the Commission’s
Request for Information on Climate-Related
Financial Risk (June 2, 2022), https://www.cftc.gov/
PressRoom/SpeechesTestimony/
romerostatement060222.
VerDate Sep<11>2014
18:21 Jul 17, 2023
Jkt 259001
markets, including keeping pace with
evolving and emerging risk. We may never
know how many catastrophes were avoided
as a result of sound risk management
programs, but we have seen what can happen
when risks are not well managed.
Appendix 4—Statement of
Commissioner Caroline D. Pham
I support the Advance Notice of Proposed
Rulemaking (ANPRM) seeking public
comment on potential amendments to the
Risk Management Program (RMP)
requirements in CFTC rules 23.600 and 1.11 1
(collectively, RMP Rules) applicable to swap
dealers and futures commission merchants
(FCMs), respectively. I believe in continuous
improvement for not only our market
participants, but for the Commission and its
regulations too.
I would like to thank the staff of the Market
Participants Division for working closely
with me on this ANPRM, and making
revisions in response to my concerns, in
particular Amanda Olear, Pamela Geraghty,
Fern Simmons, Elizabeth Groover, and
Samantha Ostrom. I also appreciate the
opportunity to work collaboratively with the
Chairman and my fellow Commissioners.
It is critical that the public has the
opportunity to provide input on any
potential amendment or expansion of RMP
requirements that is informed by actual
experience from risk management officers,
other control functions, and practitioners
who have implemented and complied with
the RMP Rules for the past 10 years,
oftentimes within a broader enterprise-wide
risk management program pursuant to other
requirements from other regulators.
Because the CFTC’s rules are often only
one part of much broader risk governance
frameworks for financial institutions, the
Commission must ensure that it has the full
picture before coming to conclusions to
ensure that our rules not only address any
potential regulatory gaps or changes in risk
profiles, but also avoids issuing rules that are
conflicting, duplicative, or unworkable with
other regulatory regimes.
For example, the CFTC currently has 106
provisionally registered swap dealers.2 Of
these 106 entities, both U.S. and non-U.S., all
but a handful are also registered with and
supervised by another agency or authority,
such as a prudential, functional, or market
regulator. Most of these swap dealers are
subject to three or more regulatory regimes.
Therefore, it is imperative that the
Commission and the staff consider how the
CFTC’s RMP Rules work in practice together
with the rules of other regulators, whether
foreign or domestic. This key point is easily
apparent in looking at the CFTC’s substituted
compliance regime for non-U.S. swap
dealers, where the Commission has expressly
found that non-U.S. swap dealers in certain
jurisdictions are subject to comparable and
comprehensive regulation, and therefore
permits such non-U.S. swap dealers to
17 CFR 23.600 and 1.11.
CFTC provisionally registered swap dealers,
as of January 30, 2023, available at https://
www.cftc.gov/LawRegulation/DoddFrankAct/
registerswapdealer.html.
PO 00000
1 See
2 See
Frm 00014
Fmt 4702
Sfmt 4702
45835
‘‘substitute’’ compliance with home
jurisdiction risk management regulations to
satisfy CFTC rule 23.600.3
Issuing an ANPRM can be beneficial to
initiate an open process to request
information and stimulate dialogue with the
public. As stated in the preamble, ‘‘After
Regulation 23.600 was initially adopted in
2012, the Commission received a number of
questions from [swap dealers] concerning
compliance with these requirements,
particularly those concerning governance
. . . . The intervening decade of
examination findings and ongoing requests
for staff guidance from [swap dealers] with
respect to Regulation 23.600 warrant
consideration of the Commission’s rules and
additional public discourse on this topic.’’
The preamble also states, ‘‘Furthermore, a
number of [swap dealers] have indicated that
the quarterly [risk exposure reports] are not
relied upon for their internal risk
management purposes, but rather, they are
created solely to comply with Regulation
23.600, indicating to the Commission that
additional consideration of the [risk exposure
report] requirement is warranted.’’
I commend the Commission and staff for
seeking to address areas of potential
confusion, inconsistency, and inefficiencies
in the RMP Rules. Risk management must be
more than an exercise in paperwork. And
lack of regulatory clarity can actually inhibit
compliance simply because our registrants
are unsure of supervisory expectations and
are unclear as to what to implement. That is
why I am focused as a Commissioner on
providing clear rules and guidance to
facilitate compliance with the Commission’s
regulations. I also support using this
opportunity to improve our RMP Rules and
I encourage commenters to explore how the
RMP Rules could be aligned with other risk
governance and risk management
frameworks, such as prudential requirements
for banking organizations, in order to more
effectively and efficiently address risks.
Regarding potential risks related to the
segregation of customer funds and
safeguarding counterparty collateral, I will
note that the CFTC’s existing rules are the
gold standard for customer protection around
the world. Further, our existing rules also
address potential risks posed by affiliates,
lines of business, and all other trading
activity. While much attention has been paid
to widespread fraud and failures of risk
management in the cryptocurrency sector, it
bears reminding that a so-called crypto
exchange is a very different type of
organization and business model from a
highly regulated financial institution. The
public should take care to avoid conflating
these completely different entities—it is at
least as wholly unlike one another as a
domesticated housecat and a wild tiger. I
look forward to comments on these two other
areas of risk.
3 On December 27, 2013, the Commission issued
comparability determinations for certain entitylevel requirements, including risk management, for
the following jurisdictions: European Union;
Canada; Switzerland; Japan; Hong Kong; and
Australia. See Comparability Determinations for
Substituted Compliance Purposes, available at
https://www.cftc.gov/LawRegulation/
DoddFrankAct/CDSCP/index.htm (July 11, 2023).
E:\FR\FM\18JYP1.SGM
18JYP1
ddrumheller on DSK120RN23PROD with PROPOSALS1
45836
Federal Register / Vol. 88, No. 136 / Tuesday, July 18, 2023 / Proposed Rules
Nonetheless, neither the Commission nor
our registrants should be complacent. I
reiterate this statement in the preamble:
‘‘[T]he Commission also reminds [swap
dealers] and FCMs that their RMPs may
require periodic updates to reflect and keep
pace with technological innovations that
have developed or evolved since the
Commission first promulgated the RMP
Regulations.’’ The benefit of a principlesbased regulatory framework is that it can
more quickly anticipate and adapt to changes
in risk profiles or the operating environment.
I believe our rules must be broad and flexible
enough to be forward-looking and evergreen,
because it is simply not possible to prescribe
every last requirement for the unknown
future. Accordingly, swap dealers and FCMs
must be vigilant and address new and
emerging risks in their RMPs through various
risk stripes as appropriate—whether from
changing market conditions, technological
developments, geopolitical concerns, or any
other event.
I welcome input from commenters to
inform the Commission and the staff
regarding the application of the RMP Rules
to swap dealers and FCMs, especially those
entities that are part of a banking
organization, and to describe in a detailed
manner the policies, procedures, processes,
systems, controls, testing, and audits that are
part of an RMP, and associated governance
requirements. In this way, it will be more
clearly apparent to the Commission and staff
that the vast majority of swap dealers and
FCMs are part of enterprise-wide risk
management programs that the industry
spends billions of dollars on each year, with
thousands of personnel across the three lines
of defense. In addition, the CFTC’s stringent
RMP governance provisions ensure
management accountability and
responsibility, and the RMP Rules prescribe
various requirements for swap dealers to
address market risk, credit risk, liquidity risk,
foreign currency risk, legal risk, operational
risk, and settlement risk,4 and for FCMs to
address market risk, credit risk, liquidity risk,
foreign currency risk, legal risk, operational
risk, settlement risk, segregation risk,
technological risk, and capital risk.5
Of course, financial institutions can still
have lapses in risk management and
weaknesses in their control environment.
This is evident in the high-profile news
stories of the past few years. But the
appropriate response is for regulators,
including the CFTC and National Futures
Association (NFA), to increase focus and
resources on compliance examinations to
ensure that swap dealers and FCMs are
complying with the rules we already have—
not piling on more rules that ultimately do
not enhance sound risk management and
governance, and further dilute limited
resources, time, and attention.6 In instances
of especially egregious or prolonged
deficiencies, material weakness, or
4 17
CFR 23.600(c)(1).
CFR 1.11(e)(1)(i).
6 See Opening Statement of Commissioner
Caroline D. Pham before the CFTC Technology
Advisory Committee, March 22, 2023, available at
https://www.cftc.gov/PressRoom/
SpeechesTestimony/phamstatement032223.
5 17
VerDate Sep<11>2014
21:21 Jul 17, 2023
Jkt 259001
misconduct by management, then
enforcement actions may be appropriate, and
the Commission should not shy away from
this step.
[FR Doc. 2023–15056 Filed 7–17–23; 8:45 am]
BILLING CODE 6351–01–P
SECURITIES AND EXCHANGE
COMMISSION
17 CFR Part 240
[Release No. 34–97877; File No. S7–11–23]
RIN 3235–AN28
Daily Computation of Customer and
Broker-Dealer Reserve Requirements
Under the Broker-Dealer Customer
Protection Rule
Securities and Exchange
Commission.
ACTION: Proposed rule.
AGENCY:
The Securities and Exchange
Commission (‘‘Commission’’) proposes
to amend the broker-dealer customer
protection rule to require certain brokerdealers to perform their customer and
broker-dealer reserve computations and
make any required deposits into their
reserve bank accounts daily rather than
weekly. The Commission also is seeking
comment on whether similar daily
reserve computation requirements
should apply to broker-dealers and
security-based swap dealers with
respect to their security-based swap
customers.
SUMMARY:
Comments should be received on
or before September 11, 2023.
ADDRESSES: Comments may be
submitted by any of the following
methods:
DATES:
Comments are also available for website
viewing and printing in the
Commission’s Public Reference Room,
100 F Street NE, Washington, DC 20549,
on official business days between the
hours of 10 a.m. and 3 p.m. Operating
conditions may limit access to the
Commission’s Public Reference Room.
Do not include personal identifiable
information in submissions; you should
submit only information that you wish
to make available publicly. We may
redact in part or withhold entirely from
publication submitted material that is
obscene or subject to copyright
protection.
Studies, memoranda, or other
substantive items may be added by the
Commission or staff to the comment file
during this rulemaking. A notification of
the inclusion in the comment file of any
such materials will be made available
on our website. To ensure direct
electronic receipt of such notifications,
sign up through the ‘‘Stay Connected’’
option at www.sec.gov to receive
notifications by email.
FOR FURTHER INFORMATION CONTACT:
Michael A. Macchiaroli, Associate
Director; Thomas K. McGowan,
Associate Director; Randall W. Roy,
Deputy Associate Director; Raymond
Lombardo, Assistant Director; Sheila
Dombal Swartz, Senior Special Counsel;
Timothy C. Fox, Branch Chief; or
Abraham Jacob, Special Counsel, at
(202) 551–5500, Office of Broker-Dealer
Finances, Division of Trading and
Markets; Securities and Exchange
Commission, 100 F Street NE,
Washington, DC 20549–7010.
SUPPLEMENTARY INFORMATION: The
Commission is proposing amendments
to:
Electronic Comments
• Use the Commission’s internet
comment form (https://www.sec.gov/
rules/submitcomments.htm); or
• Send an email to rule-comments@
sec.gov. Please include File Number S7–
11–23 on the subject line.
Paper Comments
• Send paper comments to Secretary,
Securities and Exchange Commission,
100 F Street NE, Washington, DC
20549–1090.
All submissions should refer to File
Number S7–11–23. This file number
should be included on the subject line
if email is used. To help the
Commission process and review your
comments more efficiently, please use
only one method of submission. The
Commission will post all comments on
the Commission’s website (https://
www.sec.gov/rules/proposed.shtml).
PO 00000
Frm 00015
Fmt 4702
Sfmt 4702
Commission
reference
CFR
citation (17 CFR)
Rule 15c3–3 ..............
17 CFR 240.15c3–3.
Table of Contents
I. Background
A. Introduction
B. Current Requirements of Rule 15c3–3
and Its Relation to SIPA
1. Rule 15c3–3—Customer Accounts
2. Rule 15c3–3—Proprietary Accounts of
Broker-Dealers
3. Broker-Dealer Liquidations and SIPA
C. The Risk of a Mismatch in Funds Owed
and Funds Reserved Under Rule 15c3–3
II. Proposed Amendments
A. Proposed Amendments to Rule 15c3–3
B. Request for Comment
III. Request for Comment—Reserve Account
Requirements for Security-Based Swaps
A. Discussion
B. Request for Comment
IV. Economic Analysis
A. Introduction
E:\FR\FM\18JYP1.SGM
18JYP1
]]>Agencies
[Federal Register Volume 88, Number 136 (Tuesday, July 18, 2023)]
[Proposed Rules]
[Pages 45826-45836]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15056]
=======================================================================
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
17 CFR Parts 1 and 23
RIN 3038-AE59
Risk Management Program Regulations for Swap Dealers, Major Swap
Participants, and Futures Commission Merchants
AGENCY: Commodity Futures Trading Commission.
ACTION: Advance notice of proposed rulemaking; request for comments.
-----------------------------------------------------------------------
SUMMARY: The Commodity Futures Trading Commission (CFTC or Commission)
is issuing this Advance Notice of Proposed Rulemaking (ANPRM or Notice)
and seeking public comment regarding potential regulatory amendments
under the Commodity Exchange Act governing the risk management programs
of swap dealers, major swap participants, and futures commission
merchants. In particular, the Commission is seeking information and
public comment on several issues stemming from the adoption of certain
risk management programs, including the governance and structure of
such programs, the enumerated risks these programs must monitor and
manage, and the specific risk considerations they must take into
account; the Commission further seeks comment on how the related
periodic risk reporting regime could be altered or improved. The
Commission intends to use the information and comments received from
this Notice to inform potential future agency action, such as a
rulemaking, with respect to risk management.
DATES: Comments must be in writing and received by September 18, 2023.
ADDRESSES: You may submit comments, identified by RIN 3038-AE59, by any
of the following methods:
CFTC Comments Portal: https://comments.cftc.gov. Select
the ``Submit Comments'' link for this rulemaking and follow the
instructions on the Public Comment Form.
Mail: Send to Christopher Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW, Washington, DC 20581.
Hand Delivery/Courier: Follow the same instruction as for
Mail, above.
Please submit your comments using only one of these methods.
Submissions through the CFTC Comments Portal are encouraged. All
comments must be submitted in English, or if not,
[[Page 45827]]
accompanied by an English translation. Comments will be posted as
received to https://comments.cftc.gov. You should submit only
information that you wish to make available publicly. If you wish the
Commission to consider information that you believe is exempt from
disclosure under the Freedom of Information Act (FOIA), a petition for
confidential treatment of the exempt information may be submitted
according to the procedures established in section 145.9 of the
Commission's regulations. The Commission reserves the right, but shall
have no obligation, to review, prescreen, filter, redact, refuse, or
remove any or all of your submission from https://comments.cftc.gov
that it may deem to be inappropriate for publication, such as obscene
language. All submissions that have been redacted or removed that
contain comments on the merits of the rulemaking will be retained in
the public comment file and will be considered as required under the
Administrative Procedure Act (APA) and other applicable laws and may be
accessible under the FOIA.
FOR FURTHER INFORMATION CONTACT: Amanda L. Olear, Director, 202-418-
5283, [email protected]; Pamela M. Geraghty, Deputy Director, 202-418-
5634, [email protected]; Fern Simmons, Associate Director, 202-418-
5901, [email protected]; or Elizabeth Groover, Special Counsel, 202-
418-5985, [email protected]; each in the Market Participants Division
at the Commodity Futures Trading Commission, Three Lafayette Centre,
1155 21st Street NW, Washington, DC 20581.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
II. Questions and Request for Comment
A. Risk Management Program Governance
B. Enumerated Risks in the Risk Management Program Regulations
C. Periodic Risk Exposure Reporting by Swap Dealers and Futures
Commission Merchants
D. Other Areas of Risk
I. Background
Title VII of the Dodd-Frank Wall Street Reform and Consumer
Protection Act \1\ (Dodd-Frank Act) amended the Commodity Exchange Act
(CEA) \2\ to establish a comprehensive regulatory framework to reduce
risk, increase transparency, and promote market integrity within the
financial system by, among other things, providing for the registration
and comprehensive regulation of swap dealers (SDs) \3\ and major swap
participants (MSPs),\4\ and enhancing the rulemaking and enforcement
authorities of the CFTC with respect to all registered entities and
intermediaries subject to its oversight, including, among others,
futures commission merchants (FCMs).\5\ Added by the Dodd-Frank Act,
CEA section 4s(j) outlines the duties with which SDs must comply.\6\
Specifically, CEA section 4s(j)(2) requires SDs to establish robust and
professional risk management systems adequate for managing the day-to-
day business of the registrant.\7\ CEA section 4s(j)(7) directs the
Commission to prescribe rules governing the duties of SDs, including
the duty to establish risk management procedures.\8\ In April 2012, the
Commission adopted Regulation 23.600,\9\ which established requirements
for the development, approval, implementation, and operation of SD risk
management programs (RMPs).\10\
---------------------------------------------------------------------------
\1\ See Dodd-Frank Act, Public Law 111-203, 124 Stat. 1376
(2010).
\2\ 7 U.S.C. 1 et seq.
\3\ An SD is an entity that holds itself out as a dealer in
swaps; makes a market in swaps; regularly enters into swaps with
counterparties as an ordinary course of business for its own
account; or engages in any activity causing the entity to be
commonly known in the trade as a dealer or market maker in swaps.
See 7 U.S.C. 1a(49)(A); see also 17 CFR 1.3 (describing exceptions
and limitations).
\4\ An MSP is any person that is not an SD and maintains a
substantial position in swaps for any of the major swap categories;
whose outstanding swaps create substantial counterparty exposure
that could have serious adverse effects on the financial stability
of the United States banking system or financial markets; or is a
financial entity that is highly leveraged relative to the amount of
capital it holds and that is not subject to capital requirements
established by an appropriate Federal banking agency and maintains a
substantial position in outstanding swaps in any major swap
category. See 7 U.S.C. 1a(33)(A); 17 CFR 1.3. There are currently no
registered MSPs; the relevant regulatory requirements discussed in
this ANPRM, however, apply to both SDs and MSPs. For ease of
drafting, throughout this Notice, any reference to SDs should be
construed to include both SDs and MSPs.
\5\ An FCM is an entity that solicits or accepts orders to buy
or sell futures contracts, options on futures, retail off-exchange
forex contracts or swaps, and accepts money or other assets from
customers to support such orders. See 7 U.S.C. 1a(28); 17 CFR 1.3.
\6\ 7 U.S.C. 6s(j).
\7\ 7 U.S.C. 6s(j)(2).
\8\ 7 U.S.C. 6s(j)(7).
\9\ 17 CFR 23.600.
\10\ Swap Dealer and Major Swap Participant Recordkeeping,
Reporting, and Duties Rules; Futures Commission Merchant and
Introducing Broker Conflicts of Interest Rules; and Chief Compliance
Officer Rules for Swap Dealers, Major Swap Participants, and Futures
Commission Merchants, 77 FR 20128 (Apr. 3, 2012) (2012 SD Risk
Management Final Rule). For additional background, see the related
notice of proposed rulemaking: Regulations Establishing and
Governing the Duties of Swap Dealers and Major Swap Participants, 75
FR 71397 (Nov. 23, 2010).
---------------------------------------------------------------------------
Following two FCM insolvencies involving the misuse of customer
funds in 2011 and 2012, the Commission proposed and adopted a series of
regulatory amendments designed to enhance the protection of customers
and customer funds held by FCMs.\11\ The Commission adopted Regulation
1.11 in 2013 to establish risk management requirements for those FCMs
that accept customer funds. Regulation 1.11 is largely aligned with the
SD risk management requirements in Regulation 23.600 (together with
Regulation 1.11, the RMP Regulations).\12\ The Commission concluded at
that time that it could mitigate the risks of misconduct and an FCM's
failure to maintain required funds in segregation \13\ with more robust
risk management systems and controls.\14\
---------------------------------------------------------------------------
\11\ Enhancing Protections Afforded Customers and Customer Funds
Held by Futures Commission Merchants and Derivatives Clearing
Organizations, 77 FR 67866 (Nov. 14, 2012) (FCM Customer Protection
Proposed Rule); Enhancing Protections Afforded Customers and
Customer Funds Held by Futures Commission Merchants and Derivatives
Clearing Organizations, 78 FR 68506 (Nov. 14, 2013) (FCM Customer
Protection Final Rule).
\12\ 17 CFR 1.11; FCM Customer Protection Final Rule.
\13\ The statutory requirement for FCMs to segregate customer
funds from their own funds is a fundamental cornerstone of customer
protection. FCM Customer Protection Final Rule, 78 FR at 68506
(``The protection of customers--and the safeguarding of money,
securities or other property deposited by customers with an FCM--is
a fundamental component of the Commission's disclosure and financial
responsibility framework.'').
\14\ Id. at 68509.
---------------------------------------------------------------------------
The Commission is issuing this ANPRM for several reasons. After
Regulation 23.600 was initially adopted in 2012, the Commission
received a number of questions from SDs concerning compliance with
these requirements, particularly those concerning governance (for
example, questions regarding who is properly designated as ``senior
management,'' as well as issues relating to the reporting lines within
the risk management unit).\15\ The intervening decade of examination
findings and ongoing requests for staff guidance from SDs with respect
to Regulation 23.600 warrant consideration of the Commission's rules
and additional public discourse on this topic.
---------------------------------------------------------------------------
\15\ Some SDs expressed confusion to Commission staff regarding
the reporting line requirements and the regulatory definitions of
``governing body'' and ``senior management.''
---------------------------------------------------------------------------
The Commission has further identified the enumerated areas of risk
that RMPs are required to take into account, and the quarterly risk
exposure reports (RERs), as other areas of potential confusion and
inconsistency
[[Page 45828]]
in the RMP Regulations for SDs and FCMs. Commission staff has observed
significant variance among SD and FCM RERs with respect to how they
define and report on the enumerated areas of risk (e.g., market risk,
credit risk, liquidity risk, etc.), making it difficult for the
Commission to gain a clear understanding of how specific risk exposures
are being monitored and managed by individual SDs and FCMs over time,
as well as across SDs and FCMs during a specified time period.
Furthermore, the Commission's implementation experiences and certain
market events over the last decade indicate that it may be appropriate
to consider whether to include additional enumerated areas of risk in
the RMP Regulations.
The Commission has observed inefficiencies with respect to the RER
requirements in the RMP Regulations. Currently, Regulations
23.600(c)(2) and 1.11(e)(2) \16\ prescribe neither the format of the
RER nor its exact filing schedule.\17\ As a result, the Commission
frequently receives RERs in inconsistent formats containing stale
information, in some cases data that is at least 90 days out-of-date.
Furthermore, a number of SDs have indicated that the quarterly RERs are
not relied upon for their internal risk management purposes, but
rather, they are created solely to comply with Regulation 23.600,
indicating to the Commission that additional consideration of the RER
requirement is warranted.
---------------------------------------------------------------------------
\16\ 17 CFR 23.600(c)(2); 17 CFR 1.11(e)(2).
\17\ The timeline for filing quarterly RERs with the Commission
is tied to when such reports are given to SDs' and FCMs' senior
management. Regulations 23.600(c)(2) and 1.11(e)(2) do not prescribe
how soon after a quarter-end an SD or FCM must provide its RER to
senior management or the format in which the SD or FCM must submit
the information required in the RER to the Commission. Id.
---------------------------------------------------------------------------
Finally, the Commission also reminds SDs and FCMs that their RMPs
may require periodic updates to reflect and keep pace with
technological innovations that have developed or evolved since the
Commission first promulgated the RMP Regulations.\18\ The Commission is
seeking information regarding any risk areas that may exist in the RMP
Regulations that the Commission should consider with respect to notable
product or technological developments.
---------------------------------------------------------------------------
\18\ Since the adoption of the RMP Regulations, some SDs and
FCMs have engaged in novel product offerings, such as derivatives on
certain digital assets, have increased their facilitation of
electronic and automated trading, and have incorporated into their
operations the use of recent technological developments, including
cloud-based storage and computing, and possibly artificial
intelligence and machine learning technologies.
---------------------------------------------------------------------------
Therefore, the Commission is issuing this Notice to seek industry
and public comment on these aforementioned specific aspects of the
existing RMP Regulations, as discussed further below.
II. Questions and Request for Comment
In responding to each of the following questions, please provide a
detailed response, including the rationale for such response, cost and
benefit considerations, and relevant supporting information. The
Commission encourages commenters to include the subsection title and
the assigned number of the specific request for information in their
submitted responses to facilitate the review of public comments by
Commission staff.
A. Risk Management Program Governance
Regulations 23.600(a) and (b) set out the parameters by which an SD
must structure and govern its RMPs. Regulation 23.600(a) sets forth
certain definitions, including ``business trading unit,'' \19\
``governing body,'' \20\ and ``senior management,'' \21\ whereas
Regulation 23.600(b) requires an SD to memorialize its RMP through
written policies and procedures, which the SD's governing body must
approve.\22\ Regulation 23.600(b) further requires an SD to create a
risk management unit (RMU) that: (1) is charged with carrying out the
SD's RMP; (2) has sufficient authority, qualified personnel, and
resources to carry out the RMP; (3) reports directly to senior
management; and (4) is independent from the business trading unit.\23\
---------------------------------------------------------------------------
\19\ ``Business trading unit'' is defined as, any department,
division, group, or personnel of a swap dealer or major swap
participant or any of its affiliates, whether or not identified as
such, that performs, or personnel exercising direct supervisory
authority over the performance of any pricing (excluding price
verification for risk management purposes), trading, sales,
marketing, advertising, solicitation, structuring, or brokerage
activities on behalf of a registrant. 17 CFR 23.600(a)(2).
\20\ ``Governing body'' is defined as, (1) A board of directors;
(2) A body performing a function similar to a board of directors;
(3) Any committee of a board or body; or (4) The chief executive
officer of a registrant, or any such board, body, committee, or
officer of a division of a registrant, provided that the
registrant's swaps activities for which registration with the
Commission is required are wholly contained in a separately
identifiable division. 17 CFR 23.600(a)(4).
\21\ ``Senior management'' is defined as, with respect to a
registrant, any officer or officers specifically granted the
authority and responsibility to fulfill the requirements of senior
management by the registrant's governing body. 17 CFR 23.600(a)(6).
\22\ 17 CFR 23.600(b).
\23\ 17 CFR 23.600(b)(5).
---------------------------------------------------------------------------
Similar to Regulation 23.600, Regulation 1.11 contains specific
requirements with respect to the risk governance structure.\24\
Regulation 1.11(b) defines ``business unit,'' \25\ ``governing body,''
\26\ and ``senior management,'' \27\ while Regulation 1.11(c) requires
the FCM to establish the RMP through written policies and procedures,
which the FCM's governing body must approve.\28\ Regulation 1.11(d)
requires that an FCM establish and maintain an RMU with sufficient
authority; qualified personnel; and financial, operational, and other
resources to carry out the RMP, that is independent from the business
unit and reports directly to senior management.\29\
---------------------------------------------------------------------------
\24\ 17 CFR 1.11.
\25\ ``Business unit'' is defined as, any department, division,
group, or personnel of a futures commission merchant or any of its
affiliates, whether or not identified as such that: (i) Engages in
soliciting or in accepting orders for the purchase or sale of any
commodity interest and that, in or in connection with such
solicitation or acceptance of orders, accepts any money, securities,
or property (or extends credit in lieu thereof) to margin,
guarantee, or secure any trades or contracts that result or may
result therefrom; or (ii) Otherwise handles segregated funds,
including managing, investing, and overseeing the custody of
segregated funds, or any documentation in connection therewith,
other than for risk management purposes; and (iii) Any personnel
exercising direct supervisory authority of the performance of the
activities described in paragraph (b)(1)(i) or (ii). 17 CFR
1.11(b)(1)(i)-(iii).
\26\ ``Governing body'' is defined as, the proprietor, if the
futures commission merchant is a sole proprietorship; a general
partner, if the futures commission merchant is a partnership; the
board of directors if the futures commission merchant is a
corporation; the chief executive officer, the chief financial
officer, the manager, the managing member, or those members vested
with the management authority if the futures commission merchant is
a limited liability company or limited liability partnership. 17 CFR
1.11(b)(3).
\27\ ``Senior management'' is defined as, any officer or
officers specifically granted the authority and responsibility to
fulfill the requirements of senior management by the governing body.
17 CFR 1.11(b)(5).
\28\ 17 CFR 1.11(c).
\29\ 17 CFR 1.11(d).
---------------------------------------------------------------------------
The Commission seeks comment generally on the RMP structure and
related governance requirements currently found in the RMP Regulations
for SDs and FCMs. In addition, commenters should seek to address the
following questions:
1. Do the definitions of ``governing body'' in the RMP Regulations
encompass the variety of business structures and entities used by SDs
and FCMs?
a. Should the Commission consider expanding the definition of
``governing body'' in Regulation 23.600(a)(4) to include other officers
in addition to an SD's CEO, or other bodies other than an SD's board of
directors (or body performing a similar function)?
b. Are there any other amendments to the ``governing body''
definition in
[[Page 45829]]
Regulation 23.600(a)(4) that the Commission should consider?
c. Should similar amendments be considered for the ``governing
body'' definition applicable to FCMs in Regulation 1.11(b)(3)?
2. Should the Commission consider amending the definitions of
``senior management'' in the RMP Regulations? Are there specific roles
or functions within an SD or FCM that the Commission should consider
including in the RMP Regulations' ``senior management'' definitions?
3. Should the RMP Regulations specifically address or discuss
reporting lines within an SD's or FCM's RMU?
4. Should the Commission propose and adopt standards for the
qualifications \30\ of certain RMU personnel (e.g., model validators)?
\31\
---------------------------------------------------------------------------
\30\ This could include, for example, prior risk management
experience.
\31\ Regulations 23.600(b)(5) and 1.11(d) require SDs and FCMs
to establish and maintain RMUs with ``qualified personnel.'' 17 CFR
23.600(b)(5); 17 CFR 1.11(d).
---------------------------------------------------------------------------
5. Should the RMP Regulations further clarify RMU independence and/
or freedom from undue influence, other than the existing general
requirement that the RMU be independent of the business unit or
business trading unit? \32\
---------------------------------------------------------------------------
\32\ See 17 CFR 23.600(b)(5). This concept relates to the fact
that an RMU may be wholly ``independent'' from the business unit or
business trading unit in terms of physical location and reporting
lines, but that does not necessarily equate to freedom from undue
influence. For example, during model validation activities, an SD's
business trading unit, whose staff created the model, may try to
improperly influence the RMU's model reviewer employees, who are
undertaking an independent assessment of it.
---------------------------------------------------------------------------
6. Are there other regulatory regimes the Commission should
consider in a holistic review of the RMP Regulations? For instance,
should the Commission consider harmonizing the RMP Regulations with the
risk management regimes of prudential regulators? \33\
---------------------------------------------------------------------------
\33\ See 7 U.S.C. 1a(39) (defining the term ``prudential
regulator''). Non-U.S. SDs may also be subject to prudential
supervision by regulatory authorities in their home jurisdiction.
---------------------------------------------------------------------------
7. Are there other portions of the RMP Regulations concerning
governance that are not addressed above that the Commission should
consider changing? Please explain.
B. Enumerated Risks in the Risk Management Program Regulations
The RMP Regulations specify certain enumerated risks that SDs' and
FCMs' RMPs must consider. Specifically, Regulation 23.600(c)(1)(i)
identifies specific areas of enumerated risk that an SD's RMP must take
into account: market risk, credit risk, liquidity risk, foreign
currency risk, legal risk, operational risk, and settlement risk.\34\
Though not identical, Regulation 1.11(e)(1)(i) similarly lists specific
areas of enumerated risk that an FCM's RMP must take into account:
market risk, credit risk, liquidity risk, foreign currency risk, legal
risk, operational risk, settlement risk, segregation risk,
technological risk, and capital risk.\35\
---------------------------------------------------------------------------
\34\ 17 CFR 23.600(c)(1).
\35\ 17 CFR 1.11(e)(1)(i).
---------------------------------------------------------------------------
Regulation 23.600(c)(4) requires that an SD's RMP include, but not
be limited to, policies and procedures necessary to monitor and manage
all of the risks enumerated in Regulation 23.600(c)(1)(i), as well as
requiring that the policies and procedures for each such risk take into
account specific risk management considerations.\36\ In contrast,
Regulation 1.11(e)(3) requires that an FCM's RMP include, but not be
limited to, policies and procedures that monitor and manage segregation
risk, operational risk, and capital risk, along with enumerating
specific risk management considerations that are required to be
included and/or addressed in the policies and procedures for these
risks.\37\ Unlike Regulation 23.600(c)(4), Regulation 1.11(e)(3) does
not explicitly require policies and procedures, or enumerate attendant
specific risk considerations, for all of the types of risk that must be
taken into account by an FCM's RMP pursuant to Regulation
1.11(e)(1)(i), focusing instead on segregation, operational, and
capital risks.
---------------------------------------------------------------------------
\36\ 17 CFR 23.600(c)(4).
\37\ 17 CFR 1.11(e)(3).
---------------------------------------------------------------------------
The Commission requests comment on SDs' and FCMs' enumerated risks
generally, including: (a) whether specific risk considerations that
must be taken into account with respect to certain enumerated risks
should be amended; (b) whether definitions should be added for each
enumerated risk; and finally, (c) whether the Commission should
enumerate and define any additional types of risk in the RMP
Regulations. In particular:
1. Should the Commission amend Regulation 1.11(e)(3) to require
that FCMs' RMPs include, but not be limited to, policies and procedures
necessary to monitor and manage all of the enumerated risks identified
in Regulation 1.11(e)(1) that an FCM's RMP is required to take into
account, not just segregation, operational, or capital risk (i.e.,
market risk, credit risk, liquidity risk, foreign currency risk, legal
risk, settlement risk, and technological risk)? If so, should the
Commission adopt specific risk management considerations for each
enumerated risk, similar to those described in Regulation 23.600(c)(4)?
2. Regulation 23.600(c)(4)(i) requires SDs to establish policies
and procedures necessary to monitor and manage market risk.\38\ These
policies and procedures must consider, among other things, ``timely and
reliable valuation data derived from, or verified by, sources that are
independent of the business trading unit, and if derived from pricing
models, that the models have been independently validated by qualified,
independent external or internal persons.'' \39\
---------------------------------------------------------------------------
\38\ 17 CFR 23.600(c)(4)(i).
\39\ 17 CFR 23.600(c)(4)(i)(B).
---------------------------------------------------------------------------
a. Does this validation requirement in Regulation
23.600(c)(4)(i)(B) warrant clarification?
b. Should validation, as it is currently required in Regulation
23.600(c)(4)(i)(B), align more closely with the validation of margin
models discussed in Regulation 23.154(b)(5)? \40\
---------------------------------------------------------------------------
\40\ 17 CFR 23.154(b)(5) (outlining the process and requirements
for the control, oversight, and validation mechanisms for initial
margin models).
---------------------------------------------------------------------------
3. The policies and procedures mandated by Regulations
23.600(c)(4)(i) and (ii) to monitor and manage market risk and credit
risk must take into account, among other considerations, daily
measurement of market exposure, including exposure due to unique
product characteristics and volatility of prices, and daily measurement
of overall credit exposure to comply with counterparty credit
limits.\41\ To manage their risk exposures, SDs employ various
financial risk management tools, including the exchange of initial
margin for uncleared swaps. In that regard, the Commission has set
forth minimum initial margin requirements for uncleared swaps,\42\
which can be calculated using either a standardized table or a
proprietary risk-based model.\43\ An SD's risk exposures to certain
products and underlying asset classes may, however, warrant the
collection and posting of initial margin above the minimum regulatory
requirements set forth in the standardized table. Should the Commission
expand the specific risk management considerations listed in
Regulations 23.600(c)(4)(i)-(ii) to add
[[Page 45830]]
that an SD's RMP policies and procedures designed to manage market risk
and/or credit risk must also take into account whether the collection
or posting of initial margin above the minimum regulatory requirements
set forth in the standardized table is warranted?
---------------------------------------------------------------------------
\41\ 17 CFR 23.600(c)(4)(i)-(ii).
\42\ 17 CFR 23.150-161. In adopting the margin requirements for
uncleared swaps, the Commission noted that the initial margin amount
required under the rules is a minimum requirement. See Margin
Requirements for Uncleared Swaps for Swap Dealers and Major Swap
Participants, 81 FR 636, 649 (Jan. 6, 2016). This is consistent with
CEA section 4s(e), which directed the Commission to prescribe by
rule or regulation minimum margin requirements for non-bank SDs. See
7 U.S.C. 6s(e)(2)(B).
\43\ 17 CFR 23.154.
---------------------------------------------------------------------------
4. The RMP Regulations enumerate, but do not define, the specific
risks that SDs' and FCMs' RMPs must take into account. Should the
Commission consider adding definitions for any or all of these
enumerated risks? If so, should the enumerated risk definitions be
identical for both SDs and FCMs?
5. The Federal Reserve and Basel III define ``operational risk'' as
the risk of loss resulting from inadequate or failed internal
processes, people, and systems or from external events.\44\ Would
adding a definition of ``operational risk'' to the RMP Regulations that
is closely aligned with this definition increase clarity and/or
efficiencies for SD and FCM risk management practices, or otherwise be
helpful? Should the Commission consider identifying specific sub-types
of operational risk for purposes of the SD and FCM RMP requirements?
---------------------------------------------------------------------------
\44\ 12 CFR 217.101(b); Basel Committee on Banking Supervision,
``Calculation of RWA for Operational Risk'' (Dec. 2019), available
at https://www.bis.org/basel_framework/chapter/OPE/10.htm?inforce=20191215&published=20191215.
---------------------------------------------------------------------------
6. Technological risk is identified in Regulation 1.11(e)(1)(i) as
a type of risk that an FCM's RMP must take into account; however,
technological risk is not similarly included in Regulation
23.600(c)(1)(i) as an enumerated risk that an SD's RMP must address.
Should the Commission amend Regulation 23.600(c)(1)(i) to add
technological risk as a type of risk that SDs' RMPs must take into
account?
a. Should technological risk, if added for SDs, be identified as a
specific risk consideration within operational risk, as described by
Regulation 23.600(c)(4)(vi), or should it be a standalone,
independently enumerated area of risk?
b. If technological risk is added as its own enumerated area of
risk, what risk considerations should an SD's RMP policies and
procedures address, as required by Regulation 23.600(c)(4)?
c. Relatedly, although technological risk is included in the
various types of risk that an FCM's RMP must take into account, no
specific risk considerations for technological risk are further
outlined in Regulation 1.11(e)(3).\45\ What, if any, specific risk
considerations for technological risk should be added to Regulation
1.11(e)(3)? Should the Commission categorize any additional specific
risk considerations for technological risk as a subset of the existing
``operational risk'' considerations in Regulation 1.11(e)(3)(ii), or
should ``technological risk'' have its own independent category of
specific risk considerations in Regulation 1.11(e)(3)?
---------------------------------------------------------------------------
\45\ See 17 CFR 1.11(e)(1)(i); cf. 17 CFR 1.11(e)(3)(i)-(iii).
---------------------------------------------------------------------------
d. Should the Commission define ``technological risk'' in the RMP
Regulations? For example, Canada's Office of the Superintendent of
Financial Institutions (OSFI) defines ``technology risk'' as ``the risk
arising from the inadequacy, disruption, destruction, failure, damage
from unauthorized access, modifications, or malicious use of
information technology assets, people or processes that enable and
support business needs and can result in financial loss and/or
reputational damage.'' \46\ If the Commission were to add a definition
of ``technological risk'' to the RMP Regulations, should it be
identical or similar to that recently finalized by OSFI? \47\ If not,
how should it otherwise be defined? Should the Commission consider
different definitions of ``technological risk'' for SDs and FCMs?
Should the Commission consider providing examples of ``information
technology assets'' to incorporate risks that may arise from the use of
certain emerging technologies, such as artificial intelligence and
machine learning technology, distributed ledger technologies (e.g.,
blockchains), digital asset and smart contract-related applications,
and algorithmic and other model-based technology applications?
---------------------------------------------------------------------------
\46\ See OSFI Guideline B-13, Technology and Cyber Risk
Management (July 2022), available at https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13.aspx. The final Guideline B-
13 will be effective as of January 1, 2024.
\47\ The prudential regulators and the Securities and Exchange
Commission (SEC) have not yet proposed or adopted definitions of
``technological risk.'' Accordingly, Commission staff turned to non-
U.S. financial regulators for potential definitions of this term.
Canada's OSFI recently finalized its definition of ``technology
risk,'' following extensive engagement with industry and the public
that included the September 2020 publication of its discussion paper
and a consultation period from September to December 2020; the
issuance of proposed guidance in November 2021; and further
consultation on its proposed guidance from November 2021 to February
2022. See OSFI Releases New Guideline for Technology and Cyber Risk,
Balancing Innovation with Risk Management (July 13, 2022), available
at https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/b13-nr.aspx.
---------------------------------------------------------------------------
7. Are there any other types of risk that the Commission should
consider enumerating in the RMP Regulations as risks required to be
monitored and managed by SDs' and FCMs' RMPs? Geopolitical risk?
Environmental, social and governance (ESG) risk? Climate-related
financial risk, including physical risk and transition risk such as the
energy transition? Reputational risk? Funding risk? Collateral risk?
Concentration risk? Model risk? Cybersecurity risk? Regulatory and
compliance risk arising from conduct in foreign jurisdictions?
Contagion risk?
a. Should these potential new risks be defined in the RMP
Regulations?
b. With respect to each newly suggested enumerated risk, what, if
any, specific risk considerations should an SD's or FCM's RMP policies
and procedures be required to include?
c. Are there international standards for risk management with which
the Commission should consider aligning the RMP Regulations?
C. Periodic Risk Exposure Reporting by Swap Dealers and Futures
Commission Merchants
In accordance with Regulation 23.600(c)(2), an SD must provide to
its senior management and governing body a quarterly RER containing
specific information on the SD's risk exposures and the current state
of its RMP; the RER shall also be provided to the SD's senior
management and governing body immediately upon the detection of any
material change in the risk exposure of the SD.\48\ SDs are required to
furnish copies of all RERs to the Commission within five (5) business
days of providing such RERs on a quarterly basis to their senior
management.\49\ Likewise, Regulation 1.11(e)(2) has an identical RER
requirement for FCMs.\50\
---------------------------------------------------------------------------
\48\ 17 CFR 23.600(c)(2). SD RERs shall set forth the market,
credit, liquidity, foreign currency, legal, operational, settlement,
and any other applicable risk exposures of the SD; any recommended
or completed changes to the RMP; the recommended time frame for
implementing recommended changes; and the status of any incomplete
implementation of previously recommended changes to the RMP. Id.
\49\ 17 CFR 23.600(c)(2)(ii).
\50\ 17 CFR 1.11(e)(2).
---------------------------------------------------------------------------
This Notice seeks comment generally on how the current RER regime
for SDs and FCMs could be improved, as well as specific responses to
the questions listed below:
1. At what frequency should the Commission require SDs and FCMs to
furnish copies of their RERs to the Commission?
2. Should the Commission consider changing the RER filing
requirements to require filing with the Commission by a certain day
(e.g., a week, month, or other specific timeframe after the quarter-
end), rather than tying the filing requirement to when the RER is
furnished to senior management?
3. Should the Commission consider harmonizing or aligning, in whole
or in part, the RER content requirements in
[[Page 45831]]
the RMP Regulations with those of the National Futures Association
(NFA)'s SD monthly risk data filings? \51\
---------------------------------------------------------------------------
\51\ SDs must report certain metrics related to market and
credit risk, including Value at Risk (VaR) for interest rates,
credit, forex, equities, commodities, and total VaR; total stressed
VaR; interest rate sensitivity by tenor bucket; credit spread
sensitivity; forex market sensitivities; commodity market
sensitivities; total swaps current exposure before collateral; total
swaps current exposure net of collateral; total credit valuation
adjustment or expected credit loss; and largest swaps counterparty
current exposures. See NFA, Notice I-17-10: Monthly Risk Data
Reporting Requirements for Swap Dealers (May 30, 2017), available at
https://www.nfa.futures.org/news/newsNotice.asp?ArticleID=4817.
---------------------------------------------------------------------------
a. If so, should the Commission consider any changes or additions
to the data metrics currently collected by NFA as could be required in
the RMP Regulations?
b. For FCMs who are not currently required to file monthly risk
data filings with NFA, were the Commission to adopt a monthly risk
exposure reporting requirement, are there different risk data metrics
for FCMs that it should consider including? If so, what are they?
4. Are there additional SD or FCM-specific data metrics or risk
management issues that the Commission should consider adding to the
content requirements of the RER?
5. Should the Commission consider prescribing the format of the
RERs? For instance, should the Commission consider requiring the RER to
be a template or form that SDs and FCMs fill out?
6. In furtherance of the RER filing requirement, should the
Commission consider allowing SDs and FCMs to furnish to the Commission
the internal risk reporting they already create, maintain, and/or use
for their risk management program?
a. If so, how often should these reports be required to be filed
with the Commission?
b. If the Commission allowed an SD or FCM to provide the Commission
with its own risk reporting, should the Commission prescribe certain
minimum content and/or format requirements?
7. Should the Commission consider prescribing the standard SDs and
FCMs use when determining whether they have experienced a material
change in risk exposure, pursuant to Regulations 23.600(c)(2)(i) and
1.11(e)(2)(i)? Alternatively, should the Commission continue to allow
SDs and FCMs to use their own internally-developed standards for
determining when such a material change in risk exposure has occurred?
8. Should the Commission clarify the requirements in Regulations
23.600(c)(2)(i) and 1.11(e)(2)(i) that RERs shall be provided to the
senior management and the governing body immediately upon detection of
any material change in the risk exposure of the SD or FCM?
9. Should the Commission consider setting a deadline for when an SD
or FCM must notify the Commission of any material changes in risk
exposure? If so, what should be the deadline?
10. Should the Commission consider additional governance
requirements in connection with the provision of the quarterly RER to
the senior management and the governing body of a SD, or of an FCM,
respectively?
11. Should the Commission require the RERs to report on risk at the
registrant level, the enterprise level (in cases where the registrant
is a subsidiary of, affiliated with, or guaranteed by a corporate
family), or both? What data metrics are relevant for each level?
12. Should the Commission require that RERs contain information
related to any breach of risk tolerance limits described in Regulations
23.600(c)(1)(i) and 1.11(e)(1)(i)? Alternatively, should the Commission
require prompt notice, outside of the RER requirement, of any breaches
of the risk tolerance limits that were approved by an SD's or FCM's
senior management and governing body? Should there be a materiality
standard for inclusion of breaches in RERs or requiring notice to the
Commission?
13. Should the Commission require that RERs contain information
related to material violations of the RMP policies or procedures
required in Regulations 23.600(b)(1) and 1.11(c)(1)?
14. Should the Commission require that RERs additionally discuss
any known issues, defects, or gaps in the risk management controls that
SDs and FCMs employ to monitor and manage the specific risk
considerations under Regulations 23.600(c)(4) and 1.11(e)(3), as well
as including a discussion of their progress toward mitigation and
remediation?
D. Other Areas of Risk
Recent market, credit, operational, and geopolitical events have
highlighted the critical importance of risk management and the need to
periodically review risk management practices. Therefore, the
Commission is interested in feedback and comment on other RMP-related
topics, specifically: (1) the segregation of customer funds and
safeguarding of counterparty collateral, and (2) risks posed by
affiliates, lines of business, and other trading activity. The
Commission continues to have confidence in its regulations governing
the segregation of customer funds in traditional derivatives markets.
The questions below are intended to assist the Commission in its
ongoing evaluation of whether and how RMP regulations and practices at
FCMs and SDs adequately and comprehensively address risks arising from
new or evolving market structures, products, and registrants.
a. Potential Risks Related to the Segregation of Customer Funds and
Safeguarding Counterparty Collateral
The segregation of customer funds and safeguarding of counterparty
collateral are cornerstones of the Commission's FCM and SD regulatory
regimes, respectively. Currently, the existing RMP Regulations address
the management of segregation risk and the safeguarding of counterparty
collateral in different ways, given the differing business models
between FCMs and SDs. Regulation 1.11(e)(3)(i) requires an FCM's RMP to
include written policies and procedures reasonably designed to ensure
segregated funds are separately accounted for and segregated or secured
as belonging to customers.\52\ This requirement further lists several
subjects that must, ``at a minimum,'' be addressed by an FCM's RMP
policies and procedures, including the evaluation and monitoring
process for approved depositories, the treatment of related residual
interest, transfers, and withdrawals, and permissible investments.
---------------------------------------------------------------------------
\52\ 17 CFR 1.11(e)(3)(i).
---------------------------------------------------------------------------
Although Regulation 23.600(c)(6) of the SD RMP Regulations requires
compliance with all capital and margin requirements, Regulation 23.600
does not explicitly require an SD's RMP to include written policies and
procedures to safeguard counterparty collateral. Rather, the Commission
chose to adopt Regulations 23.701 through 23.703 for the purpose of
establishing a separate framework for the elected segregation of assets
held as collateral in uncleared swap transactions.\53\ Additionally,
the Commission requires certain initial margin to be held through
custodial arrangements in accordance with Regulation 23.157.\54\
---------------------------------------------------------------------------
\53\ 17 CFR 23.701-23.703.
\54\ 17 CFR 23.157.
---------------------------------------------------------------------------
The Commission seeks comment generally on the risks attendant to
the segregation of customer funds and the safeguarding of counterparty
collateral. In addition, commenters should seek to address the
following questions:
1. Do the current RMP Regulations for FCMs adequately and
comprehensively require them to identify, monitor, and
[[Page 45832]]
manage the risks associated with the segregation of customer funds and
the protection of customer property? Are there other Commission
regulations that address these risks for FCMs?
2. Currently, the Commission understands that no FCM holds customer
property in the form of virtual currencies or other digital assets such
as stablecoins. To the extent that FCMs may consider engaging in this
activity in the future, would the current RMP Regulations for FCMs
adequately and comprehensively require them to identify, monitor, and
manage the risks associated with that activity, including custody with
a third-party entity?
3. Do the current RMP Regulations for SDs adequately and
comprehensively require them to identify, monitor, and manage all of
the risks associated with the collection, posting, and custody of
counterparty collateral and the protection of such assets? Are there
any other risks that should be addressed by the RMP Regulations for SDs
related to the collection, posting, and custody of counterparty
collateral?
4. Do the Commission's RMP Regulations adequately address risks to
customer funds or counterparty collateral that may be associated with
SDs and FCMs that have multiple business lines and registrations?
Although the Commission understands that SDs and FCMs currently engage
in limited activities with respect to digital assets, should the
Commission consider additional RMP requirements applicable to SDs and
FCMs that are or may become involved in, or affiliated with, the
provision of digital asset financial services or products (e.g.,
digital asset lending arrangements or derivatives)?
b. Potential Risks Posed by Affiliates, Lines of Business, and All
Other Trading Activity
In light of increasing market volatility and recent market
disruptions, as well as the growth of digital asset markets, the
Commission generally seeks comment on the risks posed by SDs' and FCMs'
affiliates and related trading activity. Generally, the RMP Regulations
require SD and FCM RMPs to take into account risks posed by affiliates
and related trading activity. Specifically, Regulation 23.600(c)(1)(ii)
requires an SD's RMP to take into account ``risks posed by affiliates''
with the RMP integrated into risk management functions at the
``consolidated entity level.'' \55\ Similarly, Regulation
1.11(e)(1)(ii) requires an FCM's RMP to take into account risks posed
by affiliates, all lines of business of the FCM, and all other trading
activity engaged in by the FCM.'' \56\
---------------------------------------------------------------------------
\55\ 17 CFR 23.600(c)(1)(ii).
\56\ 17 CFR 1.11(e)(1)(ii).
---------------------------------------------------------------------------
Some SDs and FCMs are subject to regulatory requirements designed
to mitigate certain risks arising from certain affiliate activities.
For example, SDs and FCMs that are affiliates or subsidiaries of a
banking entity may have to comply with certain restrictions and
requirements on inter-affiliate activities. Further, those SDs and FCMs
that are subject to the Volcker Rule, codified and implemented in part
75 of the Commission's regulations, and incorporated into other
requirements, such as Regulation 3.3, are subject to the Volcker Rule's
risk management program and compliance program requirements.\57\
---------------------------------------------------------------------------
\57\ 17 CFR part 75; 17 CFR 3.3.
---------------------------------------------------------------------------
The Commission seeks comment generally on the requirements related
to risks posed by affiliates and related trading activity found within
the RMP Regulations for SDs and FCMs, including non-bank affiliated SDs
or non-bank affiliated FCMs. In addition, commenters should seek to
address the following questions:
1. What risks do affiliates (including, but not limited to, parents
and subsidiaries) pose to SDs and FCMs? Are there risks posed by an
affiliate trading in physical commodity markets, trading in digital
asset markets, or relying on affiliated parties to meet regulatory
requirements or obligations? Are there contagion risks posed by the
credit exposures of affiliates? Are there risks posed by other lines of
business of an SD, or of an FCM, respectively, that are not adequately
or comprehensively addressed by the Commission's regulations,
including, as applicable, the Volcker Rule regulations found in 17 CFR
part 75?
2. Do the current RMP Regulations adequately and comprehensively
address the risks associated with the activities of affiliates (whether
such affiliates are unregulated, less regulated, or subject to
alternative regulatory regimes), or of other lines of business, of an
SD or of an FCM, respectively, that could affect SD or FCM operations?
Alternatively, to what extent are the risks posed by affiliates
discussed in this section adequately addressed through other regulatory
requirements (for example, the Volcker Rule or other prudential
regulations, or applicable non-U.S. laws, regulations, or standards)?
3. Should the Commission further expand on how SD and FCM RMPs
should address risks posed by affiliates in the RMP Regulations,
including any specific risks? Should the Commission consider
enumerating any specific risks posed by affiliates or related trading
activities within the RMP Regulations, either as a separate enumerated
risk, or as a subset of an existing enumerated area of risk (e.g.,
operational risk, credit risk, etc.)?
Issued in Washington, DC, on July 12, 2023, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.
Note: The following appendices will not appear in the Code of
Federal Regulations.
Appendices to Risk Management Program Regulations for Swap Dealers,
Major Swap Participants, and Futures Commission Merchants--Voting
Summary and Chairman's and Commissioners' Statements
Appendix 1--Voting Summary
On this matter, Chairman Behnam and Commissioners Johnson,
Goldsmith Romero, Mersinger, and Pham voted in the affirmative. No
Commissioner voted in the negative.
Appendix 2--Statement of Chairman Rostin Behnam
I appreciate all of the Market Participants Division staff's
hard work on this proposal. I look forward to the public's
thoughtful comments on the proposal to inform a potential future
rulemaking or guidance for the Commission's risk management program
regulations for swap dealers and futures commission merchants.
Appendix 3--Statement of Commissioner Christy Goldsmith Romero on
Advance Notice of Proposed Rulemaking on Risk Management Program
Regulations
Management of existing, evolving, and emerging risk is paramount
to the financial stability of the United States and global markets.
This is evidenced by the recent bank failures, followed by
subsequent government action taken out of regulatory concern over
possible contagion effect to other banks and broader economic
spillover.\1\ Federal Reserve Board Vice Chair Michael Barr recently
testified before the Senate at a hearing on the bank failures, ``the
events of the last few weeks raise questions about evolving risks
and what more can and should be done so that isolated banking
problems do not
[[Page 45833]]
undermine confidence in healthy banks and threaten the stability of
the banking system as a whole.'' \2\
---------------------------------------------------------------------------
\1\ See Statement of Martin J. Gruenberg, Chairman Federal
Deposit Insurance Corporation Chair on ``Recent Bank Failures and
the Federal Regulatory Response'' before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28, 2023) https://www.banking.senate.gov/imo/media/doc/Gruenberg%20Testimony%203-28-23.pdf; see also Hearing on Recent Bank Failures and the Federal
Regulatory Response, United States Senate Committee on Banking,
Housing, and Urban Affairs (Mar. 28, 2023) https://www.banking.senate.gov/hearings/recent-bank-failures-and-the-federal-regulatory-response.
\2\ Statement of Michael S. Barr, Vice Chair for Supervision,
Board of Governors of the Federal Reserve System before the
Committee of Banking, Housing and Urban Affairs, U.S. Senate (Mar.
28, 2023) https://www.banking.senate.gov/imo/media/doc/Barr%20Testimony%203-28-231.pdf.
---------------------------------------------------------------------------
Sound risk management is particularly crucial for CFTC-
registered swap dealers, the majority of which are global
systemically important banks on Wall Street (or their affiliates) or
other prudentially-regulated banks. If there was any one issue at
the center of the 2008 financial crisis, it was the failure of risk
management by Wall Street. The Dodd-Frank Wall Street Reform and
Consumer Protection Act required these dealers to establish and
maintain risk management programs. The Commission implemented its
risk management requirements for swap dealers in 2012. Then in 2013,
the Commission required that brokers in the derivatives markets,
known as futures commission merchants (``FCMs''), establish and
maintain risk management programs after two brokers, MF Global and
Peregrine Financial, misused customer funds and collapsed from a
combination of hidden risks and fraud.\3\
---------------------------------------------------------------------------
\3\ This dovetailed with Commission requirements that brokers
segregate customer assets from company assets and house accounts.
---------------------------------------------------------------------------
Re-evaluating our risk management rules is responsible and
necessary to keep pace with evolving markets that can give rise to
emerging risk. The last three years presented unprecedented risk.
The pandemic, its lingering supply chain disruptions, Russia's war
against Ukraine, climate disasters that proved to be the most-costly
three years on record, a spike in ransomware and other cyber attacks
(including on ION Markets and Colonial Pipeline), and increasing
geo-political tensions involving the U.S. and China, have emerged as
often interrelated areas of significant risk. Additionally, as
Chairman of the Federal Deposit Insurance Corporation (``FDIC''),
Martin Gruenberg testified before the Senate, ``the financial system
continues to face significant downside risks from the effects of
inflation, rising market interest rates, and continuing geopolitical
uncertainties.'' \4\
---------------------------------------------------------------------------
\4\ See Statement of Martin J. Gruenberg, Chairman Federal
Deposit Insurance Corporation Chair on ``Recent Bank Failures and
the Federal Regulatory Response'' before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28, 2023) https://www.banking.senate.gov/imo/media/doc/Gruenberg%20Testimony%203-28-23.pdf.
---------------------------------------------------------------------------
Evolving technologies like digital assets, artificial
intelligence, and cloud services, also have emerged as areas that
can carry significant risk.\5\ Vice Chair Barr testified before the
Senate, ``recent events have shown that we must evolve our
understanding of banking in light of changing technologies and
emerging risks. To that end, we are analyzing what recent events
have taught us about banking, customer behavior, social media,
concentrated and novel business models, rapid growth, deposit runs,
interest rate risk, and other factors, and we are considering the
implications for how we should be regulating and supervising our
financial institutions. And for how we think about financial
stability.'' \6\
---------------------------------------------------------------------------
\5\ See Commissioner Christy Goldsmith Romero, Opening Remarks
at the Technology Advisory Committee on DeFi, Responsible Artificial
Intelligence, Cloud Technology & Cyber Resilience (Mar. 22, 2023),
https://www.cftc.gov/PressRoom/SpeechesTestimony/romerostatement032223; see also Department of Treasury, The
Financial Services Sector's Adoption of Cloud Services (Feb. 8,
2023), https://home.treasury.gov/news/press-releases/jy1252.
\6\ See Statement of Michael S. Barr, Vice Chair for
Supervision, Board of Governors of the Federal Reserve System before
the Committee of Banking, Housing and Urban Affairs, U.S. Senate
(Mar. 28, 2023) https://www.banking.senate.gov/imo/media/doc/Barr%20Testimony%203-28-231.pdf (adding that Silicon Valley Bank
``failed to manage the risks of its liabilities. These liabilities
were largely composed of deposits from venture capital firms and the
tech sector, which were highly concentrated and could be
volatile.'')
---------------------------------------------------------------------------
The Commission should ensure that our risk management frameworks
for banks and brokers reflect and keep pace with the significant
evolution of financial stability risk. It is equally important for
the Commission to be forward-looking to ensure that our risk
management frameworks capture future risk as it could evolve or
emerge.\7\ The Commission is considering whether to enumerate
specific areas of risk that banks and brokers would be required to
address. This could include for example, geopolitical risk,
cybersecurity risk, climate-related financial risk or contagion
risk.
---------------------------------------------------------------------------
\7\ Additionally, CFTC staff have observed significant variance
in how swap dealers and brokers are defining and reporting on risk
areas, making it difficult for CFTC staff to gain a clear
understanding of how specific risk exposures are being monitored and
managed. Furthermore, some swap dealers have indicated that they do
not rely on the information in CFTC risk reporting for their
internal risk management. Improving the efficacy of CFTC
requirements for swap dealers' own risk management, along with the
Commission's ability to monitor risk are worthwhile goals.
---------------------------------------------------------------------------
The Commission seeks public comment in its reassessment of its
risk management frameworks. I am particularly interested in comment
on the following areas: (1) Technology Risk; (2) Cyber Risk; (3)
Affiliate Risk; (4) Risk related to segregating customer funds and
safeguarding counterparty collateral; and (5) Climate-Related
Financial Risk.
Technology Risk
Risk has emerged from the evolution of technology. Distributed
ledger networks are being used or considered in certain markets; cloud
data storage and computing has gone mainstream; and artificial
intelligence hold the power to transform businesses. Many firms are
also integrating, or are interested in integrating, digital assets into
their businesses, or plan to do so. All of these emerging or evolving
technologies carry risks.
Digital assets carry risks--something that has become all too clear
in the past year. Silvergate Bank, which recently failed, was almost
exclusively known for providing services to digital asset firms.\8\
According to FDIC Chairman Gruenberg, ``Following the collapse of
digital asset exchange FTX in November 2022, Silvergate Bank released a
statement indicating that it had $11.9 billion in digital asset-related
deposits, and that FTX represented less than 10 percent of total
deposits in an effort to explain that its exposure to the digital asset
exchange was limited. Nevertheless, in the fourth quarter of 2022,
Silvergate Bank experienced an outflow of deposits from digital asset
customers that, combined with the FTX deposits, resulted in a 68
percent loss in deposits--from $11.9 billion in deposits to $3.8
billion. That rapid loss of deposits caused Silvergate Bank to sell
debt securities to cover deposit withdrawals, resulting in a net
earnings loss of $1 billion. On March 1, 2023, Silvergate Bank
announced it would be delaying issuance of its 2022 financial
statements and indicated that recent events raised concerns about its
ability to operate as a going concern, which resulted in a steep drop
in Silvergate Bank's stock price. On March 8, 2023, Silvergate Bank
announced that it would self-liquidate.'' \9\
---------------------------------------------------------------------------
\8\ See Statement of Martin J. Gruenberg, Chairman Federal
Deposit Insurance Corporation Chair on ``Recent Bank Failures and
the Federal Regulatory Response'' before the Committee of Banking,
Housing and Urban Affairs, U.S. Senate (Mar. 28, 2023) https://www.banking.senate.gov/imo/media/doc/Gruenberg%20Testimony%203-28-23.pdf.
\9\ See Id.
---------------------------------------------------------------------------
Chairman Gruenberg further testified, ``Like Silvergate Bank,
Signature Bank had also focused a significant portion of its business
model on the digital asset industry. . . . Silvergate Bank operated a
similar platform that was also used by digital asset firms. . . . In
the second and third quarters of 2022, Signature Bank, like Silvergate,
experienced deposit withdrawals and a drop in its stock price as a
consequence of disruptions in the digital asset market due to failures
of several high profile digital asset companies.'' \10\
---------------------------------------------------------------------------
\10\ See Id.
---------------------------------------------------------------------------
These technological advancements, with their accompanying risks,
necessitate the Commission revisiting our regulatory oversight,
including our risk management requirements. This is similar to other
regulators revisiting their oversight in this area. According to Vice
Chair Barr, the Federal Reserve ``recently decided to establish a
dedicated novel activity supervisory group, with a team of experts
focused on risks of novel activities, which should help improve
oversight of banks like SVB in the future.'' \11\
---------------------------------------------------------------------------
\11\ Statement of Michael S. Barr, Vice Chair for Supervision,
Board of Governors of the Federal Reserve System before the
Committee of Banking, Housing and Urban Affairs, U.S. Senate (Mar.
28, 2023) https://www.banking.senate.gov/imo/media/doc/Barr%20Testimony%203-28-231.pdf.
---------------------------------------------------------------------------
[[Page 45834]]
I am interested in comments on how the Commission should amend its
risk management requirements to ensure that risks from technology are
adequately identified, monitored, assessed and managed. I am also
interested in public comment on any gaps in our risk management
regulations that the Commission should address regarding technology.
Cyber Risk
I am interested in public comment about how the Commission should
update its risk management frameworks to address the growing and
increasingly sophisticated threat of cyber attacks. The White House's
recent National Cybersecurity Strategy stated:
Our rapidly evolving world demands a more intentional, more
coordinated, and more well-resourced approach to cyber defense. We
face a complex threat environment, with state and non-state actors
developing and executing novel campaigns to threaten our interests.
At the same time, next-generation technologies are reaching maturity
at an accelerating pace, creating new pathways for innovation while
increasing digital interdependencies.\12\
---------------------------------------------------------------------------
\12\ The White House, Fact Sheet: Biden-Harris Administration
Announces National Cybersecurity Strategy, (Mar. 2, 2023), https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/.
---------------------------------------------------------------------------
Global cyber criminals and state-sponsored efforts can create or
leverage a serious disruption to markets.
I am also interested in comment on how the Commission should
address risk management related to third party service providers. As
I said in a speech in November, ``Even if financial firms have
strong cybersecurity systems, their cybersecurity is only as strong
as their most vulnerable third-party service provider. The threat
can compound where several firms use the same software or other
provider.'' \13\ Subsequently in February, a third-party service
provider ION Markets suffered a cyber attack that compromised a
number of brokers in the derivatives market. Treasury Deputy
Assistant Secretary Todd Conklin, a member of the CFTC Technology
Advisory Committee (``TAC'') presented at a recent TAC meeting that
ION was not considered by firms to be a critical vendor.\14\ Given
the severe threat of cyber attacks, I am interested in commenters'
views on whether the Commission should specifically enumerate cyber
risk, specifically include risks associated with third-party service
providers in risk management frameworks, or include other
requirements to ensure that cyber risk is adequately and
comprehensively identified, assessed, and managed.
---------------------------------------------------------------------------
\13\ See Commissioner Christy Goldsmith Romero, U.S. Commodity
Futures Trading Commission, Protecting Against Emerging Global
Fintech Threats in Cyberspace and Cryptocurrencies (Nov. 30, 2022),
Keynote Remarks of Commissioner Christy Goldsmith Romero at the
Futures Industry Association, Asia Derivatives Conference,
Singapore, https://www.cftc.gov/PressRoom/SpeechesTestimony/oparomero4.
\14\ See Technology Advisory Committee meeting (Mar. 22, 2023)
Commissioner Goldsmith Romero Announces Technology Advisory
Committee Meeting Agenda That Includes Cybersecurity, Decentralized
Finance, and Artificial Intelligence, https://www.cftc.gov/PressRoom/Events/opaeventtac032223.
---------------------------------------------------------------------------
Affiliate Risk
I am interested in commenters views on the questions related to
affiliate risks, especially those related to risks that unregulated
affiliates can pose to regulated entities. Currently, the
Commission's rules provide that the risk management frameworks of
banks and brokers shall ``take into account'' risks posed by
affiliates. Affiliate risks can take many forms--from counterparty
credit risk to operational risks to many others. The questions posed
in this ANPRM are designed to flesh out details about affiliate
risks, and whether such risks are sufficiently identified and
adequately managed.
Understanding affiliate risks is critically important given
lessons learned from the past and more recent events. For example,
AIG Financial Products (``AIGFP'') is the poster child for how risk
of a seemingly remote, unregulated affiliate could undermine the
stability of a large, diversified financial institution. AIGFP's
damage reached well beyond its affiliates. AIGFP was a source of
contagion for other market participants, ultimately spreading risks
across Wall Street, contributing to a global financial crisis and
massive taxpayer bailout. Most recently, the abrupt collapse of FTX,
with its alleged lack of separation between affiliates as found by
new CEO John Ray, led to a bankruptcy with more than 130 affiliate
debtors, tying up billions of dollars and more than one million
customers and creditors. Although LedgerX, a CFTC-regulated FTX
affiliate, is not a debtor in the bankruptcy, the debtors sold
LedgerX as a result.
Existing Commission rules require that banks' and brokers' risk
management programs ``take into account'' risks related to lines of
business. That could include, for example, digital asset markets. In
January, before the bank failures, federal bank regulatory agencies
issued a recent joint statement outlining numerous ``key risks''
associated with bank involvement in the crypto-asset sector.\15\ I
am interested in public comment on those key risks as they may apply
specifically to the CFTC's regulated banks and brokers. About half
of all CFTC-registered swap dealers are subject to some form of
oversight by the prudential regulators.
---------------------------------------------------------------------------
\15\ Joint Statement on Crypto-Asset Risks to Banking
Organizations, Board of Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation, and the Office of the
Comptroller of the Currency (Jan. 3, 2023), https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20230103a1.pdf.
---------------------------------------------------------------------------
Many brokers have expressed an interest in becoming further
involved in digital assets as well. Risks can arise from regulated
trading in crypto derivatives. The unregulated spot markets carry
additional risks as seen with the collapse of FTX, Terra Luna,
Celsius and numerous others that have resulted in substantial
losses. This is in addition to operational risks and risks
associated with rampant fraud and illicit finance in some parts of
the crypto markets.
Risk Related to the Segregation of Customer Property and
Safeguarding Counterparty Collateral in the Digital Asset Space
Digital assets raise a host of issues about safeguarding
customer property that were not contemplated at the time of the 2013
risk management rule or the Commission's customer protection rules
for brokers to segregate customer assets from company assets. For
example, brokers may explore holding customer property in the form
of stablecoins or other digital assets that could result in unknown
and unique risks. These brokers may be confronted by third-party
custody and other risks that should be identified and managed.
Physical delivery may also present risk, particularly given the
proliferation of cyber hacks. Application of the Commission's
segregation rules may also need to be updated based on future risks
related to digital assets (even risks not contemplated by the
Commission today). I look forward to commenters' responses in this
area.
It is necessary for the CFTC to seek public comment on our risk
management framework in this important area of emerging risk so that
we keep pace with evolution in our markets and technology. We should
not assume that our existing segregation rules and risk management
framework comprehensively cover the evolving risks in the
markets.\16\ The Commission does not have a window into certain
unregulated spaces, such as with digital assets, which could obscure
risks faced by CFTC-regulated banks or brokers. Integration of
digital assets with banks and brokers, and the risks that could be
posed, could continue to evolve.
---------------------------------------------------------------------------
\16\ The same could be true of swap dealers related to
safeguarding counterparty collateral.
---------------------------------------------------------------------------
Climate-Related Financial Risk
Developments in the management of climate-related financial risk
are an important example of the need for the Commission to adopt a
framework that helps banks and brokers keep pace with such emerging
risks. When the Climate-Related Market Risk Subcommittee of our
Market Risk Advisory Committee released its report in September
2020, it was a ``first-of-its-kind effort from a U.S. government
entity.'' \17\ Since then, other U.S. financial regulators have not
only echoed this acknowledgment,\18\ but have moved ahead to
[[Page 45835]]
define the risk management framework that banks and other regulated
entities must adopt for addressing physical and transition risks
posed by climate change.\19\ Banks and brokers need frameworks that
let them adapt to both the increasingly dire projections by climate
scientists about the scope of physical impacts,\20\ and to the
massive economic impetus to a transition to a lower carbon
environment created via Congressional passage of the Inflation
Reduction Act, the Bipartisan Infrastructure Law, and the CHIPS and
Science Act.
---------------------------------------------------------------------------
\17\ CFTC, CFTC's Climate-Related Market Risk Subcommittee
Releases Report (Sept. 9, 2020), https://www.cftc.gov/PressRoom/PressReleases/8234-20.
\18\ See Financial Stability Oversight Council, Financial
Stability Oversight Council Identifies Climate Change as an Emerging
and Increasing Threat to Financial Stability (October 21, 2021)
https://home.treasury.gov/news/press-releases/jy0426.
\19\ See, e.g., Federal Deposit Insurance Corporation, FIL-13-
2022, Request for Comment on Statement of Principles for Climate-
Related Financial Risk Management for Large Financial Institutions
(March 30, 2022), https://www.fdic.gov/news/financial-institution-letters/2022/fil22013.html.
\20\ Intergovernmental Panel on Climate Change, Climate Change
2022: Impacts, Adaptation and Vulnerability (2022), https://www.ipcc.ch/report/ar6/wg2/chapter/summary-for-policymakers/.
---------------------------------------------------------------------------
In just three years, climate-related financial risk management
has gone from novelty to necessity. We should develop a framework
that helps banks and brokers remain resilient to risks like this
one, which will continue to develop for years to come. I have been
advocating for the Commission to enhance its understanding of how
market participants are managing climate-related financial risk.\21\
To that end, over the past year, I have been working with the
National Futures Association (``NFA'') on a recently completed
special project to assess how some of its members are identifying
and managing climate-related financial risk. NFA learned that some
of its members, particularly those already subject to oversight by
U.S. and foreign banking regulators, are taking steps to manage both
physical and transition risks. I look forward to hearing from
commenters on how best to adapt our framework to incorporate these
kinds of emerging risks.
---------------------------------------------------------------------------
\21\ See Commissioner Christy Goldsmith Romero, U.S. Commodity
Futures Trading Commission, Promoting Market Resilience (Sept. 28,
2022), Statement of Commissioner Christy Goldsmith Romero before the
Market Risk Advisory Committee, https://www.cftc.gov/PressRoom/SpeechesTestimony/romerostatement092822; Statement of CFTC
Commissioner Christy Goldsmith Romero In Support of the Commission's
Request for Information on Climate-Related Financial Risk (June 2,
2022), https://www.cftc.gov/PressRoom/SpeechesTestimony/romerostatement060222.
---------------------------------------------------------------------------
Conclusion
Sound risk management by banks (and other dealers) and brokers
at the center of the U.S. derivatives markets is critical to
financial stability. The stakes are high. These financial
institutions and others take and carry significant risks that could
impact financial stability. They are on the front lines of our
financial markets, directly engaging with customers or
counterparties. Customers have billions of dollars entrusted to
these institutions. Market participants depend on liquidity,
clearing and other critical functions performed by these
institutions.
The Commission must fulfill its own responsibility to ensure
that risk management programs at these institutions address the full
scope of risks to customers, firms and markets, including keeping
pace with evolving and emerging risk. We may never know how many
catastrophes were avoided as a result of sound risk management
programs, but we have seen what can happen when risks are not well
managed.
Appendix 4--Statement of Commissioner Caroline D. Pham
I support the Advance Notice of Proposed Rulemaking (ANPRM)
seeking public comment on potential amendments to the Risk
Management Program (RMP) requirements in CFTC rules 23.600 and 1.11
\1\ (collectively, RMP Rules) applicable to swap dealers and futures
commission merchants (FCMs), respectively. I believe in continuous
improvement for not only our market participants, but for the
Commission and its regulations too.
---------------------------------------------------------------------------
\1\ See 17 CFR 23.600 and 1.11.
---------------------------------------------------------------------------
I would like to thank the staff of the Market Participants
Division for working closely with me on this ANPRM, and making
revisions in response to my concerns, in particular Amanda Olear,
Pamela Geraghty, Fern Simmons, Elizabeth Groover, and Samantha
Ostrom. I also appreciate the opportunity to work collaboratively
with the Chairman and my fellow Commissioners.
It is critical that the public has the opportunity to provide
input on any potential amendment or expansion of RMP requirements
that is informed by actual experience from risk management officers,
other control functions, and practitioners who have implemented and
complied with the RMP Rules for the past 10 years, oftentimes within
a broader enterprise-wide risk management program pursuant to other
requirements from other regulators.
Because the CFTC's rules are often only one part of much broader
risk governance frameworks for financial institutions, the
Commission must ensure that it has the full picture before coming to
conclusions to ensure that our rules not only address any potential
regulatory gaps or changes in risk profiles, but also avoids issuing
rules that are conflicting, duplicative, or unworkable with other
regulatory regimes.
For example, the CFTC currently has 106 provisionally registered
swap dealers.\2\ Of these 106 entities, both U.S. and non-U.S., all
but a handful are also registered with and supervised by another
agency or authority, such as a prudential, functional, or market
regulator. Most of these swap dealers are subject to three or more
regulatory regimes.
---------------------------------------------------------------------------
\2\ See CFTC provisionally registered swap dealers, as of
January 30, 2023, available at https://www.cftc.gov/LawRegulation/DoddFrankAct/registerswapdealer.html.
---------------------------------------------------------------------------
Therefore, it is imperative that the Commission and the staff
consider how the CFTC's RMP Rules work in practice together with the
rules of other regulators, whether foreign or domestic. This key
point is easily apparent in looking at the CFTC's substituted
compliance regime for non-U.S. swap dealers, where the Commission
has expressly found that non-U.S. swap dealers in certain
jurisdictions are subject to comparable and comprehensive
regulation, and therefore permits such non-U.S. swap dealers to
``substitute'' compliance with home jurisdiction risk management
regulations to satisfy CFTC rule 23.600.\3\
---------------------------------------------------------------------------
\3\ On December 27, 2013, the Commission issued comparability
determinations for certain entity-level requirements, including risk
management, for the following jurisdictions: European Union; Canada;
Switzerland; Japan; Hong Kong; and Australia. See Comparability
Determinations for Substituted Compliance Purposes, available at
https://www.cftc.gov/LawRegulation/DoddFrankAct/CDSCP/index.htm
(July 11, 2023).
---------------------------------------------------------------------------
Issuing an ANPRM can be beneficial to initiate an open process
to request information and stimulate dialogue with the public. As
stated in the preamble, ``After Regulation 23.600 was initially
adopted in 2012, the Commission received a number of questions from
[swap dealers] concerning compliance with these requirements,
particularly those concerning governance . . . . The intervening
decade of examination findings and ongoing requests for staff
guidance from [swap dealers] with respect to Regulation 23.600
warrant consideration of the Commission's rules and additional
public discourse on this topic.'' The preamble also states,
``Furthermore, a number of [swap dealers] have indicated that the
quarterly [risk exposure reports] are not relied upon for their
internal risk management purposes, but rather, they are created
solely to comply with Regulation 23.600, indicating to the
Commission that additional consideration of the [risk exposure
report] requirement is warranted.''
I commend the Commission and staff for seeking to address areas
of potential confusion, inconsistency, and inefficiencies in the RMP
Rules. Risk management must be more than an exercise in paperwork.
And lack of regulatory clarity can actually inhibit compliance
simply because our registrants are unsure of supervisory
expectations and are unclear as to what to implement. That is why I
am focused as a Commissioner on providing clear rules and guidance
to facilitate compliance with the Commission's regulations. I also
support using this opportunity to improve our RMP Rules and I
encourage commenters to explore how the RMP Rules could be aligned
with other risk governance and risk management frameworks, such as
prudential requirements for banking organizations, in order to more
effectively and efficiently address risks.
Regarding potential risks related to the segregation of customer
funds and safeguarding counterparty collateral, I will note that the
CFTC's existing rules are the gold standard for customer protection
around the world. Further, our existing rules also address potential
risks posed by affiliates, lines of business, and all other trading
activity. While much attention has been paid to widespread fraud and
failures of risk management in the cryptocurrency sector, it bears
reminding that a so-called crypto exchange is a very different type
of organization and business model from a highly regulated financial
institution. The public should take care to avoid conflating these
completely different entities--it is at least as wholly unlike one
another as a domesticated housecat and a wild tiger. I look forward
to comments on these two other areas of risk.
[[Page 45836]]
Nonetheless, neither the Commission nor our registrants should
be complacent. I reiterate this statement in the preamble: ``[T]he
Commission also reminds [swap dealers] and FCMs that their RMPs may
require periodic updates to reflect and keep pace with technological
innovations that have developed or evolved since the Commission
first promulgated the RMP Regulations.'' The benefit of a
principles-based regulatory framework is that it can more quickly
anticipate and adapt to changes in risk profiles or the operating
environment. I believe our rules must be broad and flexible enough
to be forward-looking and evergreen, because it is simply not
possible to prescribe every last requirement for the unknown future.
Accordingly, swap dealers and FCMs must be vigilant and address new
and emerging risks in their RMPs through various risk stripes as
appropriate--whether from changing market conditions, technological
developments, geopolitical concerns, or any other event.
I welcome input from commenters to inform the Commission and the
staff regarding the application of the RMP Rules to swap dealers and
FCMs, especially those entities that are part of a banking
organization, and to describe in a detailed manner the policies,
procedures, processes, systems, controls, testing, and audits that
are part of an RMP, and associated governance requirements. In this
way, it will be more clearly apparent to the Commission and staff
that the vast majority of swap dealers and FCMs are part of
enterprise-wide risk management programs that the industry spends
billions of dollars on each year, with thousands of personnel across
the three lines of defense. In addition, the CFTC's stringent RMP
governance provisions ensure management accountability and
responsibility, and the RMP Rules prescribe various requirements for
swap dealers to address market risk, credit risk, liquidity risk,
foreign currency risk, legal risk, operational risk, and settlement
risk,\4\ and for FCMs to address market risk, credit risk, liquidity
risk, foreign currency risk, legal risk, operational risk,
settlement risk, segregation risk, technological risk, and capital
risk.\5\
---------------------------------------------------------------------------
\4\ 17 CFR 23.600(c)(1).
\5\ 17 CFR 1.11(e)(1)(i).
---------------------------------------------------------------------------
Of course, financial institutions can still have lapses in risk
management and weaknesses in their control environment. This is
evident in the high-profile news stories of the past few years. But
the appropriate response is for regulators, including the CFTC and
National Futures Association (NFA), to increase focus and resources
on compliance examinations to ensure that swap dealers and FCMs are
complying with the rules we already have--not piling on more rules
that ultimately do not enhance sound risk management and governance,
and further dilute limited resources, time, and attention.\6\ In
instances of especially egregious or prolonged deficiencies,
material weakness, or misconduct by management, then enforcement
actions may be appropriate, and the Commission should not shy away
from this step.
---------------------------------------------------------------------------
\6\ See Opening Statement of Commissioner Caroline D. Pham
before the CFTC Technology Advisory Committee, March 22, 2023,
available at https://www.cftc.gov/PressRoom/SpeechesTestimony/phamstatement032223.
[FR Doc. 2023-15056 Filed 7-17-23; 8:45 am]
BILLING CODE 6351-01-P
