It's 10 PM: FCMs, SDs, MSPs -- Do You Know the Status of Your Firm's 2013 Annual Compliance Report Preparation?

Jump to: Compliance Weeds    Between Bridges   
Repost This Email Print
Published Date : September 04, 2013

Now that summer is almost over, Chief Compliance Officers (CCO) of swap dealers (SD), major swap participants (MSP), and future commission merchants (FCM) should be well underway in the process that ultimately will lead to the preparation of their firm's Annual Compliance Report for the fiscal year ending 2013, and the certification of the report by the CCO or the Chief Executive Officer of their firm. This report will have to be filed with the CFTC within 90 days of a firm's fiscal year end, but perhaps as soon as 60 days after a firm's fiscal year end in some circumstances.

CCOs that have not begun this process should do so promptly in order to avoid last minute conflicts with other senior officers over what information should be included in their firm's Annual Compliance Report and how it should be stated. Late preparation could make possible disagreements more contentious because all certifications must be made "under penalty of law," meaning that the certifying officer has potential administrative, civil and/or criminal liability should it be determined that an Annual Compliance Report was not accurate or complete and that the signatory had reason to know of this failure.

A. The Right Stuff: Authority and Responsibilities of CCO

By now, each SD, MSP and FCM should have appointed a CCO. This person should have meaningful seniority and experience, as he or she is required by the CFTC to "have the background and skills appropriate for fulfilling the responsibilities of the position." (CFTC Rule §3.3(b).) The CCO must have been designated as a principal of the firm and must report to the firm's Board of Directors, the senior officer of the firm, or if the firm is large and multi-faceted, the senior officer of the relevant division (e.g., head of the Futures Division). (CFTC Regulations §§ 3.1(a)(1) and 3.3(a)(1), and 77 Federal Register No. 64 (April 3, 2012), pg. 20160.)

Unfortunately, in many international firms or combined broker dealer-FCMs, it may have been common for a US-based CCO, particularly related to a specific business unit (e.g., FCM) to report exclusively to a more senior US Head of Compliance of all business units, and/or to a Global Head of Compliance, perhaps one based outside the United States. However, these arrangements had to be modified to create a reporting line by the CCO to the firm's Board of Directors or senior officer too. However, where a CCO has dual (or even more multiple) reporting lines, the reporting line to the Board of Directors or senior officer must be meaningful and cannot solely constitute window dressing. The CCO cannot report to a Committee of the Board as a substitute to reporting to the full Board. (77 Federal Register No. 64, pg. 20160.)

If an entity has multiple registration categories (e.g., FCM and SD, as well as broker dealer) it may have separate persons serving as CCO for each distinct category, or it may have one or more persons serving as CCO for one or more registration categories. However, there must be a specifically identified CCO for each SD, MSP and FCM registration category within an entity, and each person designated as the CCO of an SD, MSP and/or FCM must have a distinct reporting line to their firm's Board of Directors or senior officer. It is not permissible to designate multiple CCOs as servicing any individual SD, MSP or FCM, even if the compliance function supporting such role is organized to reflect specific expertise (e.g., separate CCOs for FCM execution and FCM clearing are not permitted as an FCM can have only one designated CCO).

It is permissible, however, for multiple entities within a group structure to designate the same person as a CCO, although the CCO of the SD, MSP or FCM will have to report to the Board of Directors or senior officer of the relevant SD, MSP or FCM among his or her reporting lines. Likewise, it is permissible for a person appointed as CCO to have multiple functions within the SD, MSP or FCM, including serving as a member of the legal department or even as General Counsel too. However, the individual's CCO and non-CCO functions must be clearly delineated, and if the CCO also serves as a lawyer, his or her reports prepared as CCO typically cannot be subject to the attorney-client or attorney-work product privileges. (77 Federal Register No. 64, pgs. 20157, 20161.)

In all circumstances,

  1. only the Board of Directors or senior officer of the SD, MSP or FCM registrant may remove the CCO; and
  2. the Board of Directors or senior officer of the SD, MSP or FCM must,

(CFTC Regulations §3.3(a)(1-2); also 77 Federal Register No. 64, pgs. 20158, 20161.)

This does not appear to mean that there cannot be input by other corporate officers or even that the initiation for any of the described actions cannot originate from elsewhere in an organization.

Within the firm, the CCO must have sufficient stature (in the CFTC's word, "authority;" CFTC Regulations §3.3(a)) to:

  1. administer the firm's policies and procedures reasonably designed to ensure compliance with the firm's obligations under the Commodity Exchange Act (CEA) and the CFTC's rules (the so called "Compliance Policies" of the firm);
  2. in consultation with the firm's Board of Directors or senior officer (including possibly the division head), resolve any conflicts of interest as they arise;
  3. take reasonable steps to ensure the firm's compliance with the CEA and CFTC rules;
  4. establish Compliance Policies in consultation with the Board or the senior officer to resolve non-compliance issues he or she identifies;
  5. establish procedures, in consultation with the Board or the senior officer for the handling, management response, resolution, retesting and closing of non-compliance issues; and
  6. prepare and sign the firm's Annual Compliance Report.

(CFTC Regulations §3.3(d)(1-6).)

In evaluating the stature of the CCO within an organization, consider that no other job description for any other employee is so particularized by the CFTC. If the CCO does not have sufficient authority, it will be difficult for him or her to perform his or her required responsibilities. In fact, as part of the annual report, the CCO, at a minimum, will have to acknowledge (by his or her signature, if not certification) that he or she has sufficient "authority," by attesting to the firm's compliance with, among other rules, the relevant CFTC rule requiring the establishment of the CCO position in the first instance! (CFTC Regulations §3.3.)

Although each of the CCO's defined tasks are critical, this article addresses solely the CCO of FCM's, SD's and MSP's obligation to prepare and sign, and potentially certify a registrant's Annual Compliance Report.

B. Meat and Potatoes: Mandatory Sections of the Annual Compliance Report

Again, as with the CCO's job description, the CFTC through its regulations and No Action Letters has stated certain minimum information that must be contained in the Annual Compliance Report and/or that it expects to see. This information is:

1. an introduction and an executive summary that:

2.  a review of the firm's Compliance Policies generally. This must include:

The Firm's Annual Compliance Report must also describe:

3.  any material non-compliance issues and the action taken in response, including corrective actions; and
4.  the financial, managerial, operational and staffing resources the Firm dedicates for compliance to the CEA and CFTC rules, including identifying any material deficiencies in such resources.

(CFTC Regulations §3.3(e)(1-5); CFTC No Action Letter 12-47 (December 10, 2012), pgs 3-4.)

C. Ready, Set, Go: Possible Internal Process to Prepare the Annual Compliance Report Step by Step

Although only certain minimum information must be provided to the CFTC as part of a registrant's Annual Compliance Report (as described above in Section B), the process to prepare the report most likely requires review of a substantially larger amount of information. This information should be assembled and evaluated in as organized a fashion as possible, so that the information the CCO determines to include in the Annual Compliance Report can be accessed easily.

Step 1:       Determine what provisions of the CEA and CFTC Regulations are applicable to the registrant

A possible starting point to prepare a firm's Annual Compliance Report is for each SD, MSP or FCM is to create a formal inventory of provisions of the CEA and CFTC Regulations that are relevant to it. There is no set way to do this. Among other ways, this can be done by the firm listing on a spreadsheet or other system in one column (or area) law by law and rule by rule all applicable requirements. It may be helpful to include both the relevant section and a short summary of the requirement for the firm, with perhaps a link to the full relevant provision.

Care must be taken in connection with certain CFTC rules that allow an act to be undertaken solely if done in accordance with the rules of a contract market (e.g., certain non-competitive trades are authorized solely if undertaken in accordance with the rules of the relevant contract market (CFTC Regulations §1.38(a))). Arguably, such rules require a firm to comply with the relevant contract market rule in order to comply with the relevant CFTC rule. Also, not all legal requirements under the CEA necessarily have a corresponding CFTC rule defining or implementing it (e.g., CEA prohibitions against violating bids or offers, or engaging in spoofing (CEA §4c(a)(5))).

Although it seems onerous to require a full inventory of all relevant laws and CFTC rules, it would be risky for a CCO unilaterally to limit such an inventory to material laws and rules only. (The CFTC appears legally able to grant relief to FCMs in this area because under the plain language of the relevant CEA provision (CEA §4d(d)) it has full discretion to identify whatever duties and responsibilities it assigns to CCOs.

This does not appear to mean that, in connection with the formal compliance report submitted to the CFTC, a CCO cannot group related rules into a specific category when it describes its Compliance Policies related to such rules (e.g., Customer Protection Rules; see CFTC No Action Letter 13-03 (March 28, 2013), fn. 13). However, it probably is best that, in such case, the firm elsewhere in the report identify which specific sections of the CEA and rules constitute the relevant category in its view.

Step 2.       Determine which Compliance Policies (or sections) are reasonably designed to enable the firm to comply with relevant sections of the CEA and CFTC Regulations

After this inventory is completed, a second column (or another area) should be included, that allows the firm to link each Compliance Policy (and the relevant section of such policy) with the specific CEA provision or CFTC rule it is meant to address. It is possible that at the time of initial preparation, there will be no policy or procedure addressing a specific legal or regulatory requirement.

To a certain extent, inclusion of a Compliance Policy here entails a formal assessment: if the identified Compliance Policy was followed entirely as drafted, is it more likely than not that the firm would be in full compliance with the relevant provision of the CEA or CFTC rules.

Unless the subject matter of the relevant CEA provision or Commission rule  is under the jurisdiction of the CCO him or herself, the CCO should consult with the relevant department head to determine, in the first instance, which Compliance Policy is reasonably designed to achieve compliance, as well as the specific section.
Department heads themselves may rely on information provided by subordinates, but the senior manager must have a reasonable basis to rely on information. All representations relied on by the CCO or any department head should be in writing and be formally acknowledged by the employee making the representation.

However, in the end, the CCO must apply a reasonable independent judgment to determine whether, in fact, in his her or her view, such policy and procedure is reasonably designed to ensure that the firm complies with the relevant law or rule, as he or she will, at a minimum, sign the Annual Compliance Report, let alone possibly certify it. In any case it is likely that the CEO, if he or she certifies the Annual Compliance Report, will rely on the CCO's signature as back-up to his or her own certification.

If there is a necessary Compliance Policy that is deemed deficient or missing, now is the time to fix it (if relevant) by writing a new or amending an existing policy or procedure. Otherwise the deficiency will have to be identified as existing as of year-end even if it will then be in the process of being remediated. Strict deadlines should be set by the CCO (or designee) to draft new or more complete policies or procedures and these deadlines should be monitored actively.

Step 3:       Assess whether the Compliance Policies were effective

In the next column (or another area) the CCO should provide an assessment whether each Compliance Policy is, in fact effective. This requires a real-world evaluation.

There are only a few possible outcomes, depending on whether an applicable policy exists in the first place. The policy is working reasonably as designed, it is partially effective, or it is not effective at all. One of these outcomes should be reflected in this column although it is very possible that an initial assessment may change over time before the final Annual Compliance Report is prepared.

As before, unless the relevant law or regulation relates to an area under the CCO's primary jurisdiction, the CCO likely will want to obtain a sub-representation from the relevant department head regarding this matter, and have him or her reflect his or her views in writing. However, again, the CCO must provide an independent view as to the reasonableness of the department head's views.

This is the first section of the Annual Compliance Report that likely may cause registrants serious angst. This is because, typically, all senior managers, including the CCO, hear rumors or informal complaints of potential compliance issues all year long that range from coffee chat grousing to substantive allegations.

Moreover, during the course of the relevant fiscal year, a registrant will likely have received various formal compliance reviews, internal or external audit findings, self-reported errors, and validated complaints (including those initiated through the firm's whistle-blower process) as well as learn of regulatory investigations or actions, or private lawsuits that may reasonably suggest that a Compliance Policy is not working 100% as intended.

At a minimum, these matters should be considered before the relevant officer, including the CCO, attests to the efficacy of a related Compliance Policy. After the fact, for example, it could be somewhat problematic for one senior officer to have signed off that a particular Compliance Policy has been reasonably effective, if the firm's Internal Audit Department previously issued a report saying that the same policy was routinely disobeyed and a recommendation for remediation has not yet been implemented -- especially if there is internal evidence that the senior officer received the report (whether or not he or she read it). 

As a result, it may be helpful to include another column on the firm's spreadsheet (or other area), where the CCO correlates internally identified issues (including source, date and remediation action) and externally initiated matters with the relevant provision of the CEA or CFTC regulation and the relevant Compliance Policy in order to ensure that nothing stated in the Annual Compliance Report may be inconsistent with other known documents or information. Such a section will also help the CCO more easily identify material compliance issues that must be included in another section of the Annual Compliance Report provided to the CFTC. At a minimum, the CCO should carefully review all internally identified issues and externally initiated matters prior to signing the Annual Compliance Report.

Moreover, where a CCO or another senior manager may have a different view as to the efficacy of a specific Compliance Policy now is the time for internal discussions to be held. Ideally, these discussions will be held in person and not confrontational. Preferably e-mail or instant messaging will not be used to conduct such meetings, as these are poor media to reach consensus or adequately to express disagreements.

Step 4:       Determine any material changes there have been to the Compliance Policies during the fiscal year

The next column (or other area) should reflect any material changes to relevant Compliance Policies adopted by the firm during the relevant fiscal year. At a minimum, listed here should be reflected (1) any new, or material amendments to, any required Compliance Policy that were noted as missing in the prior year's Annual Compliance Report, as well as (2) each new Compliance Policy adopted to reflect material amendments to the CEA or CFTC rules (including new provisions) during the relevant fiscal year.

Again, the CCO should receive this information from relevant department heads, except where he or she has primary jurisdiction over the relevant subject matter.

Step 5:       Assess what changes might make the firm's Compliance Program more effective including additional resources

The last column (or equivalent) is where the CCO should reflect what the CCO believes is necessary to close any gaps identified in the prior two columns (or areas). Here the CCO should recommend specifically:

  1. any potential amendments to Compliance Policies so that the firm will have policies and procedures better designed to comply with all applicable provisions of law or regulations; and
  2. any changes or improvements to the implementation of a Compliance Policy, or additional resources, designed to enable the firm better to comply with all applicable provisions of the CEA or regulations.

Again, the CCO should not prepare this section in a vacuum. Except where he or she has primary knowledge, the CCO likely will want to obtain information regarding how to improve Compliance Policies or the implementation of policies from the relevant department heads. In the first instance, the department head should typically acknowledge in writing agreement with any language proposed to be used in the final Annual Compliance Report related to possible improvements. 

However, again, the CCO must evaluate independently the reasonableness of the department head's views.

Typically, if the CCO carefully explains the requirements of a law or rule, relevant management and the CCO can reach agreement on the most effective way designed to achieve compliance. Not always will adding personnel or other resources enhance compliance; sometimes compliance can be enhanced by better training personnel or utilizing better-trained persons, or simply by better understanding the actual requirements. On the other hand, the firm may need to expend some additional resources to fix some matters, including hiring more personnel or obtaining more or better automation. It may be helpful in connection with this process to use an external objective resource to help mediate different opinions.

The next two sections that the CFTC requires in the Annual Compliance Report appear satisfied by a narrative or separate summary that can be at least partially derived from the information included in the previously discussed chart.

Step 6:      Determine the financial, managerial, operational and staffing resources the Firm employs to comply with relevant provision of the CEA and Commission regulations and assess if there are any material deficiencies and if so, what are they

First, the CCO is required to provide a description of the financial, managerial, operational and staffing resources the firm employs to comply with the relevant provisions of law and CFTC rules, including a description of any material deficiencies in such resources. This would seem to entail the CCO first (1) computing the dollar value of all resources the firm uses to comply with its compliance obligations, including personnel (both in and outside the Compliance Department) and systems; (2) counting the number of employees in each department that perform compliance relevant functions; and (3) understanding all elements of the firm's training and supervisory structure day to day to designed to ensure compliance or to identify problems. It will also be helpful for the CCO to (4) prepare an inventory of all automated systems the firm uses to assist its compliance efforts, as well as (5) understand the role of each permanent or periodic control function (e.g., Internal Audit, Compliance, Operational Risk) to help detect and correct any issues.

However, in connection with this requirement, the CFTC has given CCO's some flexibility. It says,

"This rule requires a description of compliance resources, but does not prescribe the form or manner of this description, which the Commission views as within the reasonable discretion of the registrant."

        (77 Federal Register No. 64, pg. 20164.)

Again, the CCO likely will have to rely on other department heads to provide to him or her much of this information.

Step 7:      Identify material non-compliance issues that emerged during the preparation of the Annual Compliance Report, and summarize what actions were taken in response, if any

Second, the CCO is obligated in the Annual Compliance Report to describe any "material non-compliance issues identified" and the corresponding action taken. The plain language and Federal Register discussion regarding this provision are not 100% clear regarding the meaning of this section. Presumably the disclosure requirement pertains to compliance issues discovered solely during preparation of the Annual Compliance Report, but includes any discovered violation of the CEA or CFTC rules, and not just a failure to have an adequate Compliance Policy.

For this section the CCO should be able mostly to draw on the information previously assembled as part of the analysis of the efficacy of existing Compliance Policies. However, only material non-compliance issues need to be disclosed in this section of the Annual Compliance Report, not all compliance issues.

Again, not all the information assembled for internal purposes needs to be included in the actual Annual Compliance Report signed by the CCO, certified by the CEO or CCO, and provided to the Commission. In fact, most of the information likely will not be included. Rather, only those specific sections required by the CFTC (described in Section B, above) need to be provided. However, preparation of an internal spreadsheet or other document, containing the type of information described above in this Section C will make it easier ultimately to produce this report, let alone identify potential issues earlier. This internal document, and all supporting documentation. however, needs to be retained in the ordinary course and is likely discoverable if there is a regulatory or private dispute down the road.

When the CCO drafts the actual report he or she should consider a format that enables the CFTC readily to see each section it expects. Information should be accurate and language should be measured, neither overstating nor understating any matter.

After preparing the firm's Annual Compliance Report, the CCO needs to provide a copy that he or she signs to the firm's Board of Directors or senior officer. Although it seems contemplated that the CCO should discuss the Annual Compliance Report formally with the Board of the senior officer, such a discussion is not formally mandated. However, it appears reasonable that such a discussion should occur.

The Board's minutes or some other official records (particularly in case of a presentation to the senior officer only) should reflect that there was a presentation of the Annual Compliance Report.

D. CCO or CEO Certification

At any time after the CCO signs the annual report, the CCO or the CEO must certify it, acknowledging formally, that to the best of his or her knowledge and belief, and under penalty of law, the information in the Annual Compliance Report is accurate and correct. Again, if the CCO does not certify the report him or herself, it is likely the CEO will rely on the CCO's signature to support his or her own certification. Whoever certifies the Annual Compliance Report must apply independent judgment and consider matters of which he or she is aware that are likely to make a certification not true.

Importantly, the Commission notes that the certification is not a guarantee that all information in the Annual Compliance Report is accurate. It is simply a warranty that a process was followed reasonably designed to ensure accuracy. According to the CFTC,

"'If the certifying officer has complied in good faith with policies and procedures reasonably designed to confirm the accuracy and completeness of the information in the annual report both the registrant and the certifying officer would have a basis for defending accusations of false, incomplete, or misleading statements or representations made in the annual report."

        (77 Federal Register No. 64, pg. 20163.)

As a result of this guidance by the CFTC, it may be helpful to include in the Annual Compliance Report a description of the process that was followed to prepare the report.

The firm's Annual Compliance Report should then be furnished electronically to the CFTC by not more than 90 days after the end of the fiscal year of the FCM, SD or MSP, or at the same time, the registrant submits its annual audited financial statement. For stand alone FCMs this is 90 days after the end of its fiscal year; for combined BD FCMs this is 60 days after the end of the fiscal year. Electronic filings are made through the Winjammer ™ system. (NFA Notice to Members, Notice 1-13-07 (March 8, 2013.)

If subsequent to filing, a material error is discovered in the Annual Compliance Report, the report promptly must be amended and re-filed along with a new CEO or CCO certification.

An FCM, SD or MSP may apply to the CFTC for an extension to file the Annual Compliance Report provided the firm's "…failure to timely furnish the report could not be eliminated by the registrant without unreasonable effort or expense." (CFTC Regulations §3.3(f)(5).)

Any Annual Compliance Report may incorporate by reference sections of the Annual Compliance Report furnished within the current or immediately preceding reporting period. Thus for Annual Compliance Reports filed this year, cross-reference to sections may be made to the Annual Compliance Report filed for firm's last fiscal year. Next year, references may be made to the Annual Compliance Report filed for this and the last fiscal year of the firm. If a firm is registered in more than one category of an FCM, SD, or MSP, its Annual Compliance Report filed for one registration category may also cross reference sections made in another registration category's report for the current or immediately preceding period. (CFTC Regulations §3.3(f)(6).)

When a firm submits its Annual Compliance Report to the CFTC it may request that it be subject to confidential information just as with the submission of other documents containing proprietary information.

Annual Compliance Reports must be retained in the ordinary course (i.e., for five years, two years readily accessible), along with:

  1. all policies and procedures identified, reasonably designed to ensure compliance with all the firm's CEA and CFTC Rules' obligations;
  2. copies of all materials provided to the Board of Directors or senior officer in connection with their review of the Annual Compliance Report; and
  3. copies of all "records relevant to the annual report," including work papers and documents that form the basis of the report. This includes, but is not limited to, "memoranda, correspondence, other documents and records that are created, sent or received in connection with the report and contain conclusions, analyses, or financial data related to the annual report."

(CFTC Regulations §3.3(g)(1)(i-iii).)

E. Bottom Line

Preparation of annual compliance reports is not new in the financial services industry. Broker Dealers have been required for some time to file an Annual Certification of Compliance and Supervisory Processes with FINRA, although such certification is certified exclusively by the firm's CEO (FINRA Rule §3130), while the CCO of an investment company must provide no less than annually, a report to the fund's board of directors that addresses certain minimum compliance matters; this report is not automatically provided to the SEC (SEC Rules, §270.38a-1(a)(4)(iii). In the futures industry, designated clearing organizations, swap data repositories, and swap execution facilities must also prepare annual compliance reports containing similar information as required by FCMs, MSPs and SDs, and submit such reports to the CFTC too. ((CFTC Rules §39.10(c)(3-4) and §37.1501(e), respectively.) Each DCO and FCM in existence by the end of 2012 already has submitted one Annual Compliance Report to the CFTC, although for FCMs, this was an abbreviated one addressing only customer funds protection. (See, CFTC No Action Letter 13-03.)

The preparation of a firm's Annual Compliance Report should be undertaken in a very meticulous and thoughtful manner by each firm, because of the serious disclosure regarding the firm that will be provided to the CFTC, as well as the certification that must be provided by the CEO or CCO, which exposes the certifier to potential criminal or civil liability. Given this importance, it would not be unexpected that legitimate differences of opinion might arise at various points during the report's preparation. As a result, it is important that these differences, as well as any issues with the firm's  Compliance Policies, or material compliance issues that the firm may have, be identified and begin to be remediated as soon as possible. In many case, an outside independent person may be in a better position than internal staff to assist the firm analyzing and helping to resolve these issues as well as any internal differences of opinion.

For questions or assistance, do not hesitate to contact Gary DeWaal and Associates at (212) 382-4615 or at

The information contained in this article is not legal advice. For legal advice, please consult with your attorney. The information in this article is derived from sources believed to be reliable as of September 4, 2013, but no representation or warranty is made regarding the accuracy of any statement. To ensure compliance with requirements imposed by U.S. Treasury Regulations, Gary DeWaal and Associates LLC informs you that any U.S. tax advice contained in this communication (including any attachments) was not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Gary DeWaal and Associates may represent one or more entities mentioned in this article.

Recent Commentaries