The CFTC requires annual CCO reports to be filed on behalf of Swap Dealers, Major Swap Participants, and Futures Commission Merchants. Since starting to receive these reports, they have determined that an advisory is needed to clarify the Regulator’s expectations regarding the content and ownership of the reporting.
Amid the COVID-19 pandemic, the NFA has given relief from various filing deadlines, among them has been extending the submission deadline for Chief Compliance Officer (CCO) Annual Reports.
The new Chief Compliance Officer Annual Report guidance from the CFTC
The latest advisory by the CFTC was released in December and states the Regulator requires more detailed information on the primary risks to the business as the Management assesses them. This includes information on what plans are in place to address the issues identified. Acceptable plans include key aspects such as committed resources, budgets, technologies, and timelines. The question for SD, MSP and FCM managements is whether they are prepared to provide this level of information required?
The CFTC has concluded that regulated firms have not consistently and proactively reported on key risks, emerging or actual self-identified areas of noncompliance. Where such deficiencies may exist, often the remediation plans included in the CCO report are insufficient, lacking the appropriate level of strategy and budget.
This clearly increases the pressure on regulatory compliance for each entity and will also force firms to meet rising expectations expressed through “industry best practices”, developed through the CCO reporting. The CFTC is focused on creating standards that all firms need to adhere, adapted to their individual risk profiles.
These competitive pressures will be conveyed through further industry guidance and specific recommendations. Firms can also be fined if they have not disclosed fully and honestly; an example of this can be seen in the recent BGC order where the CCO report failed to adequately disclose “material noncompliance issues related to voice capture and retention and to sufficiently describe the connection of those issues to identified remediation efforts”.
What are CCOs required to submit to the CFTC?
There are five main areas of the CCO report which should show a complete view of the firm’s compliance with regulatory requirements. Including its own internal policies and procedures. These are:
- Areas of improvement
- Financial, managerial, operational and staffing resources
- Material noncompliance issues
- Furnishing the annual report and related matters
- The certification requirement
Critically, the CCO report is not only a report to the Regulator. It is meant to be a key internal report detailing Management’s overall assessment of compliance, areas requiring strengthening identified, and associated action plans defined. The report must reflect a thoughtful and credible internal risk assessment, and how well these risks are managed in the context of the established business plans. It cannot only include areas of non-compliance identified by third parties.
For global firms, there is the additional challenge that the CFTC wants transparency on resources and technologies fully attributed to the companies they regulate. Rather than being represented only at a more consolidated, group-level. The Regulators understand the concept of shared resources, but this level of presentation is not sufficient.
The message here is that there must be a strong commitment from global firms to comply with all applicable US regulations. Even if they are not fully aligned with home country requirements (absent the availability of substitute compliance).
The role of Surveillance in the CCO report
A core element of the CCO report is the requirement for firms to evaluate the effectiveness of their policies and procedures.
For surveillance, this is where firms start - developing comprehensive policies and procedures and writing down the “do’s and don’ts” of conduct and behaviors. But without a credible surveillance program, a firm can be blind to evaluating whether its staff is respecting them, and to what degree.
Surveillance plays a key role in the eyes of the CFTC, in managing topics such as risks of collusion, ensuring market integrity, satisfying client risk disclosures, and others. How can Senior Management feel in control of their risks without a developed surveillance program? This is the key challenge that needs addressing to ensure compliance.
What does a strong Surveillance program look like?
Having smart and usable technology combined with qualified analysis is where CCOs should be aiming for. Not only because it enables effective and scalable surveillance to help manage traditional compliance risks, but it will leverage supervisors in monitoring their team’s conduct through their communications. Whether that’s intra-desk, inter-desk, with Functional teams, with clients, with brokers, and with vendors. The key aspects of the surveillance technology will include:
- Monitoring across all communication channels
⇒ i.e. Enables surveillance of more complex transactions that typically involve multiple teams and locations
- Surveillance and record-keeping across new channels such as WhatsApp
⇒ i.e. Clients ask to be contacted via new channels for convenience despite internal policies of service providers
- Intelligent and flexible policies to alert to risks like Collusion and Market Abuse
⇒ i.e. Develop targeted policies to identify rate setting collusion risk between cash and derivatives desks
- Linking your surveillance system to a Trade Reconstruction tool
⇒ i.e. Advanced technology enables voice recordings to be digitized and key data elements mapped to trade data elements
Communications Surveillance can give you the visibility you need over employee conduct and behaviors and increase the productivity of your compliance team.