On September 10, 2020, the CFTC’s Division of Enforcement issued guidance outlining the factors that Division staff will consider when evaluating the compliance programs of CFTC registrants and other persons who participate in markets subject to the CFTC’s jurisdiction in connection with enforcement matters (the “Compliance Guidance”). Other federal agencies have issued similar guidance. For example, the U.S. Department of Justice issued its guidance, titled “Evaluation of Corporate Compliance Programs,” in February 2017, and most recently updated that guidance in June 2020.1 The Federal Energy Regulatory Commission issued its “Policy Statement on Compliance” in October 2008.2 Perhaps because of the breadth of its jurisdiction, the SEC has not issued a single set of compliance guidelines. Instead, its component divisions issue guidance related to their specific mandates.3
The Compliance Guidance will be binding on Division staff and is set to be published in the CFTC’s Enforcement Manual. It is another step in the CFTC’s efforts to provide greater clarity to market participants that are the focus of a Division investigation. For example, the Compliance Guidance builds upon the Division’s May 2020 guidance providing factors that it considers when recommending civil monetary penalties to the CFTC.4 In addition, the Division published guidance in January and September 2017 concerning how it assesses cooperation in the context of an investigation and the credit it will provide for self-reporting violations.5
The factors that the Division will consider in evaluating the sufficiency of compliance programs are substantially the same as factors that the CFTC has identified in its speaking orders accepting settlements and that have been included in guidance issued by other federal agencies. At this point, most CFTC registrants and participants in markets subject to the CFTC’s jurisdiction should have in place compliance programs that already are consistent with the Compliance Guidance. If not, they promptly should update their compliance policies and procedures and make sure that they devote sufficient personnel and technological resources to their compliance program.
One aspect of the Compliance Guidance that registrants and market participants should monitor is the extent to which the Division coordinates its assessment of a compliance program with the subject matter experts within the CFTC. Under the Compliance Guidance, the Division may consult with subject matter experts at the CFTC, but is not required to do so. Given the important roles that the CFTC’s Division of Market Oversight and Division of Swap Dealer and Intermediary Oversight play in formulating the regulatory requirements with which registrants and market participants must comply, the Division of Enforcement should work closely with these subject matter experts to ensure that any enforcement for lack of compliance is consistent with the plain language and purpose of the relevant regulation.
Summary of the Compliance Guidance
According to the Compliance Guidance, the Division will evaluate whether a corporate compliance program was reasonably designed and implemented to achieve three goals:
- Preventing the underlying misconduct;
- Detecting the misconduct; and
- Remediating the misconduct.6
The Division’s assessment of whether a compliance program meets these goals will take into account various considerations, including “the specific entity involved, the entity’s role in the market, and the potential market or customer impact of the underlying misconduct.”7 The Division may also consult with subject matter experts in other CFTC divisions. The Division’s analysis of the factors below will depend on the specific facts and circumstances.
1. Preventing the Misconduct
In evaluating a compliance program, Division staff will assess whether it was reasonably designed and implemented to effectively prevent the misconduct at issue. The factors it will examine when analyzing this aspect of a compliance program include:
- Written policies and procedures in effect during the period of misconduct;
- Training of staff, supervisors, and compliance personnel;
- Failure to cure any previously identified deficiencies in the compliance program that relate to the misconduct at issue (with regulatory findings being of particular significance);
- Adequate resources and funding for compliance; and
- Sufficient independence between business functions and the structure, oversight, and reporting of the compliance function.
2. Detecting the Misconduct
Division staff also will assess whether a compliance program was reasonably designed and implemented to effectively detect the misconduct at issue. The factors that the Division will consider for this analysis include:
- Whether the misconduct was independently identified through the organization’s compliance mechanisms;
- Internal surveillance and monitoring efforts;
- Internal reporting systems and handling of complaints, including provisions for protection of whistleblowers and anonymous complaints;
- Procedures for identifying and evaluating unusual or suspicious activity, factoring in the sources, gravity, and extent of the organization’s risk of violations; and
- Whether efforts to detect and evaluate potential misconduct were sufficiently broad, rather than narrowly tailored to a specific individual, product, date, etc.
3. Remediating the Misconduct
Finally, Division staff will assess what steps a company took, upon discovery of the misconduct, to address both the misconduct and any potential deficiencies in the compliance program that could have allowed the misconduct to occur or initially evade detection. The relevant factors for this analysis include:
- Timely, effective action to address any impacts of the misconduct, to mitigate and cure any financial harm to others, and to restore integrity to the relevant markets;
- Appropriate discipline of the individual(s) directly and indirectly responsible for the misconduct; and
- Identification and remediation of any deficiencies that may have contributed to a failure to prevent or quickly detect the misconduct.
***
If you have any questions regarding this client alert, please contact one of the authors, any member of our CFTC team listed below, or the Willkie attorney with whom you regularly work.
Click here to download this article.
1 U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (June 2020), here.
2 125 FERC ¶ 61,058 (Oct. 16, 2008), here.
3 The SEC’s adopting release to its “compliance rule,” Rule 206(4)-7, provides threshold guidance for investment advisors, here. Additionally, the SEC’s Compliance Outreach Program publishes guidance, here.
4 For information about the Division’s civil monetary penalty guidance, see Willkie’s summary here.
5 For information about the Division’s September 2017 self-reporting guidance, see Willkie’s summary here. For information about the Division’s January 2017 cooperation guidance, see Willkie’s summary here.
6 Memorandum from James M. McDonald, Director CFTC, Guidance on Evaluating Compliance Programs in Connection with Enforcement Matters (Sep. 10, 2020), here.
7 Id. at 2.