The Best Defense is No Offense: The CFTC’s New Compliance Guidance

On September 10, 2020, James McDonald, Director of Enforcement at the US Commodity Futures Trading Commission (CFTC) issued the agency’s first-ever “Guidance on Evaluating Compliance Programs in Connection with Enforcement Matters.”  This is the latest example of the CFTC’s recent efforts to provide commodities market participants with more transparency into how it makes enforcement decisions.  This document adds more context to the CFTC’s May 2020 civil monetary penalties guidance, which directed staff to consider a regulated entity’s compliance program and remediation efforts when recommending penalties to the Commission.

The memorandum is largely consistent with what practitioners might expect: it directs Enforcement Division staff to consider “whether the compliance program was reasonably designed and implemented to achieve three goals: (1) prevent the underlying misconduct at issue; (2) detect the misconduct; and (3) remediate the misconduct.” For each of these three goals, the memo includes a number of points for Division staff to consider (e.g., whether written policies “reasonably addressed” the type of misconduct, the adequacy of internal surveillance programs, and whether individuals were appropriately disciplined). 

The memo dovetails with similar documents issued by other authorities. Indeed, a footnote states that, “where appropriate and relevant,” CFTC enforcement “staff will also consider” the principles in the US Department of Justice’s Evaluation of Corporate Compliance Programs and compliance guidance from self-regulatory organization (SROs) like the National Futures Association.

Even though the content of the memo generally aligns with conventional wisdom, there are a few points worth highlighting:

• The “prevention” section notes that Division staff should focus on whether “training of staff, supervisors, and compliance personnel reasonably addressed the type of misconduct at issue.” This emphasis is not surprising, but the recent record-setting penalties paid by the Bank of Novia Scotia demonstrate the CFTC’s focus on effective training.  One of the CFTC’s Orders against the Bank of Nova Scotia quoted extensively from internal bank communications that betrayed that the bank’s compliance officers did not recognize spoofing. This discussion in the Order suggests that the CFTC was not impressed by the training given to compliance personnel, a fact that (under Director McDonald’s memo) may have exposed the bank to a greater penalty.

• A footnote in the “detection” section of the memo provides that Division staff may consider “whether efforts to detect and evaluate potential wrongdoing were narrowly tailored (e.g., covering only a specific individual, product, date, etc.) or sufficiently broad to uncover similar misconduct involving other employees, divisions, or products.” This underscores how important it is for compliance personnel to share “lessons learned” across business units, trading desks, etc.  Compliance personnel on one desk who detect misconduct or evasion of controls may share their findings with colleagues on other desks (or with colleagues who monitor third-party / customer access to trading systems).  But sharing may not be enough—the compliance department as a whole may need to assess how to meaningfully incorporate those lessons; for example, if it is determined that an anti-manipulation surveillance module based on average daily volume needs to be adjusted for one asset class, it would be prudent to consider whether adjustments should also be made in different markets or products.

• The CFTC guidance directs staff to consider an entity’s efforts to “mitigate and cure any financial harm to others and restore integrity to the relevant markets” as part of its remediation.  This instruction suggests that the CFTC may look favorably on efforts to remediate, including by declining, donating or returning potentially ill-gotten gains and profits.  (The phrase “restor[ing] integrity to the relevant markets” seems broad, but may cover self-reporting misconduct to relevant SROs, including exchanges.)  Of course, a regulated entity should be cautious about how it manages this process to avoid interfering with a potential CFTC investigation or unnecessarily admitting liability.  Market participants in this position will want to consider carefully how best to demonstrate their commitment to effective remediation.