The chairman of the Commodity Futures Trading Commission said it’s important for the United States to lead in blockchain technology and heralded the agency’s own principles-based approach to regulation as a model that could be followed to achieve leadership. Separately, a futures commission merchant operating as a voice broker was sanctioned by the CFTC for numerous purported regulatory lapses in connection with its execution of block trades and audit trails prepared and maintained regarding such transactions. As a result, the following matters are covered in this week’s edition of Bridging the Week:
The next regularly scheduled edition of Bridging the Week will be December 9, 2019.
Separately, in an opinion article in Fortune, Dr. Tarbert indicated that a “principles-based approach” is the best way to regulate cryptoassets and other fintech products. He noted that such an approach has been applied by the CFTC in evaluating clearinghouses that settle transactions that might result in the delivery of bitcoin. Although cryptoassets “face the unique operational risk of a systems hack that could result in a loss or theft,” Dr. Tarbert said the CFTC’s core principles solely require clearinghouses to identify and minimize operational risk without prescribing precisely how. As a result, each of the three clearinghouses currently processing cryptoassets were “able to adopt a different method of facilitating Bitcoin transfers and addressing the risk of loss.”
Dr. Tarbert argued that principles-based regulation “can provide a more effective regulatory approach for overseeing financial services in this global technological age than a highly prescriptive rules-based approach can.”
In other legal and regulatory developments involving cryptoassets:
As proposed by MAS, listing derivatives on approved exchanges would be voluntary and not mandatory.
MAS also proposed to implement a number of measures specifically directed at retail investors who trade derivatives based on virtual currencies through regulated financial institutions. These would include requiring 1.5 standard margin for all derivatives offered by approved exchanges, as well as “tailored” risk disclosures and advertising restrictions.
Currently, MAS takes the view that derivatives based on virtual currencies are not subject to regulation under applicable Singapore law. It proposes to amend applicable rules to effectuate its proposals. Comments on MAS’s Consultation Paper will be accepted through December 20, 2019.
Recently, the International Organization of Securities Commissions issued a similar statement that stablecoins are “rightly subject to significant international and public scrutiny” and urged all persons seeking to launch stablecoins – particularly those with potential global reach – to engage with all regulatory bodies in jurisdictions where they seek to operate. (Click here for background in the article “IOSCO Encourages Stablecoin Issuers to Engage With Relevant Regulatory Bodies Prior to Issuance” in the November 17, 2019 edition of Bridging the Week.)
Additionally, the Task Force concluded that a smart contract may satisfy the “basic requirements” of an English legal contract. According to Sir Vos, “[t]hose requirements are that two or more parties have reached an agreement, intend to create a legal relationship by doing so, and have each given something of benefit.”
Separately, Grayscale Investments voluntarily filed a registration statement with the SEC on behalf of Grayscale Bitcoin Trust. According to the company, if deemed effective, registration would permit accredited investors who purchased shares in the trust in a private placement to sell their shares earlier – after six months of holding, rather than twelve as now, subject to conditions.
Along those lines, as I have written previously, the case for a single federal regulator of cryptocurrency exchanges is overwhelming. Today, jurisdiction over such entities is divided among FinCEN (which generally requires exchangers of virtual currency to be registered as money service businesses), the states (many of which require such entities to register as money transmitters or in an equivalent manner, or in the case of New York, also mandates such entities to obtain a so‑called “BitLicense”) and the Commodity Futures Trading Commission (which exercises anti-fraud and anti-manipulation authority over transactions involving spot virtual currencies but does not functionally regulate such transactions day to day). (Click here for a general discussion of federal and state jurisdictional issues involving cryptoassets in the article “Digital and Digitized Assets: Federal and State Jurisdictional Issues” by the American Bar Association Derivatives and Futures Law Committee (March 2019).)
Although most states view cryptocurrency exchanges’ activities as meeting their requirements for money transmitters, many states do not. (Click here, e.g., for background in the article “Cryptocurrency Exchange Not a Money Transmitter Says Pennsylvania” in the January 27, 2019 edition of Bridging the Week.) Moreover, except for New York, none of the states or FinCEN regulate cryptocurrency exchange activities similarly as do the CFTC and Securities and Exchange Commission in connection with their oversight of traditional exchanges. At the state level, requirements for such entities tend to emphasize anti-money laundering and US government sanctions compliance, and cyber security protections, and capital and bonding, as opposed to monitoring and protecting against manipulative trading.
To me, this hodgepodge approach is a big problem waiting to happen and creates a too-high barrier to entry for legitimate firms that wish to provide innovative cryptoasset trading solutions.
During this time, claimed the CFTC, BGC failed to record or retain voice recordings for periods of up to four months. On four occasions, said the CFTC, this failure involved multiple broker lines simultaneously, and on one occasion – February 5 through the end of May 2016 – the firm lost all voice recordings for “thousands of trades” by traders on its Sugar Land, Texas block trading desks. As a consequence, in late 2016 when the CFTC’s Division of Enforcement requested the audit trail for 100 random block trades during the prior 12 months, BGC produced complete records for less than half of the relevant trades.
Additionally, claimed the CFTC, BGC failed to notify it as required of multiple formal investigations by other regulatory bodies (click here to access CFTC Rule 1.12(m)) and one change in senior management (click here to access CFTC Rule 1.12(l)). The firm was also charged with failure to comply with a requirement that, in its 2015 and 2016 chief compliance officer annual reports, it should have identified certain material noncompliance issues related to records retention and disclosed its plan to remediate such issues, as well as failure to supervise.
Last month, the CFTC and the New York Attorney General fined BGC and GFI Securities LLC an aggregate US $25 million out-of-pocket for purportedly misleading customers to believe that certain bids and offers involving foreign exchange options were executable when they were not and that certain trades had taken place, when they had not. (Click here for background in the article “Two Interdealer Brokerage Firms Settle With CFTC and NY Attorney General for US $25 Million Out-of-Pocket Fines for Alleged Fraud in FX Options Transactions" in the October 6, 2019 edition of Bridging the Week.) In July 2018, BGC agreed to pay a fine of US $1.25 million to the Securities and Exchange Commission for inadvertently deleting audio files containing communications of eight registered representatives requested by the SEC and for not accurately documenting and maintaining records of various employees’ gifts and expenses. (Click here for background in the article “Broker-Dealer Fined US $1.25 Million for Inadvertently Deleting Audio Tapes Subject to SEC Request and for Not Keeping Accurate Records of Salespersons’ Expenses” in the July 22, 2018 edition of Bridging the Week.)
BGC was also required to continue use of a compliance consultant for at least two years as part of its CFTC settlement in order to identify and remediate potential material deficiencies in its compliance with legal and regulatory obligations.
In addition to this case against BGC, in September 2019, the Commission fined Merrill Lynch, Pierce, Fenner & Smith Incorporated US $300,000 to resolve allegations that it failed timely to produce complete audit trail data for a customer in response to three requests in 2015.
According to the CFTC, ML maintained the audit trail data regarding orders and executions as an FCM and executing broker for the relevant unnamed customer. However, the CFTC said that despite its Division of Enforcement’s agreement to limit the scope of the 2015 requests, ML did not produce complete audit trail data for the customer until January 2018. The FCM made some interim productions, but the data was incomplete, including containing unpopulated fields. ML recognized this problem in December 2017 and by the following month, produced the missing audit trail data. According to the Commission, ML’s almost three-year delay and data incompleteness were because the firm “lacked an adequate supervisory system to ensure the required records were properly kept and promptly produced.”
Among other things, the CFTC claimed that ML did not have a process to identify account numbers or order entry operator identification numbers; defendant’s staff solely relied on their memories when searching for data. (Click here for a copy of the relevant settlement order.)
Mr. Parfionovas was charged with computer intrusion, money laundering, wire fraud, access device fraud, securities fraud, and identity theft, and certain related crimes. If convicted, he could be subject to up to 30 years’ imprisonment for the money-laundering charge alone.
Compliance Weeds: CFTC registrants and NFA members have express obligations to ensure the security of their information systems and customers’ personal information. Among other things, most CFTC registrants are required to maintain policies and procedures to protect customer records and information (click here to access CFTC Rule 160.30) and a written identity theft program (click here to access CFTC Rule 162.30(d)), while all NFA members must maintain a written information systems security program. (Click here for background in the article “NFA Sets April 1 as Compliance Date for New ISSP Requirements” in the January 13, 2019 edition of Bridging the Week.)
SEC registrants have similar obligations. (Click here for background in the Compliance Weeds associated with the article “Broker-Dealer Resolves SEC Charges That Inadequate Cybersecurity Procedures Led to Cyber Intrusion, Compromising Customer Personal Information” in the September 30, 2018 edition of Bridging the Week.)
However, it appears regulators are increasingly likely to file an enforcement action under a general failure to supervise theory when there is a cybersecurity breach if they feel that adequate policies and procedures reasonably designed to prevent and/or respond to a breach did not exist, and/or customer information or funds were or may have been compromised.
Since 2017, for example, the CFTC has brought and settled three enforcement actions emanating from cyber breaches.
In September 2017, the CFTC resolved an enforcement action against Tillage Commodities, LLC, a CFTC-registered commodity pool operator, with failure to supervise for purportedly not monitoring and detecting unauthorized wire transfers processed by the administrator of a fund it operated. (Click here for details in the article “Two Commodity Pool Operators Charged by CFTC with Failure to Supervise” in the October 1, 2017 edition of Bridging the Week.) In February 2018, the CFTC also settled an enforcement action against AMP Global Clearing LLC, a CFTC-registered futures commission merchant, for its alleged failure to supervise a third party’s implementation of “critical” provisions of its information system security program. (Click here for details in the article “CFTC Says Futures Brokerage Firm’s Failure to Supervise Led to Unauthorized Cyber Attack” in the February 18, 2018 edition of Between Bridges.) Most recently, the CFTC brought and settled an action against a second FCM emanating from a cyber breach (click here for a copy of the relevant settlement order).
Robust policies and procedures related to information security are critical, along with a checklist of urgent things to do when there is a cyber breach – including a list of useful contacts (e.g., forensic experts, regulators to contact). The regulatory consequences of not being prepared are high, and the out-of-pocket and reputational costs of a breach may be higher still. And unfortunately, a breach will occur no matter how good a firm’s controls and procedures.
Defendants argued that the CFTC’s alleged violation of the consent orders “have had real consequences.” Among other things, the CFTC’s public statements in violation of the gag order “cannot be unmade” and defendants’ exposure is no longer limited to US $16 million, the amount of the agreed settlement. Additionally, defendants must incur legal fees through the end of the enforcement action.
Although the CFTC previously argued for the contempt proceeding to be halted as moot, including that sanctions could not be levied against it as a sovereign entity, defendants claimed there are meaningful sanctions that can be lawfully imposed: a rebuke, as well as a limit on any possible fine to US $16 million. (Click here for background on the CFTC’s arguments in the article “CFTC Submits Suggestion of Mootness Regarding Potential Contempt Determination Against It” in the November 17, 2019 edition of Bridging the Week.) Also, the CFTC could be required to pay defendants’ legal fees for handling the contempt proceeding as such amounts fall outside any sovereign immunity of the CFTC, said the food giants.
Under the rule, banks may recognize client initial margin as an offset in assessing their exposure to derivatives contracts in calculating their supplementary leverage ratio. Applying this ratio, some of the largest US banks are required to set aside as much as 5 percent of their assets as a guard against losses. Currently, these assets include cash posted as initial margin by customers for their swaps and other derivatives trading activity through the banks’ futures commission merchant subsidiaries.
Additionally, the rule ameliorates the measure of risk of doing business with commercial end-users that are entering into derivatives contracts to hedge or mitigate their risks. The rule accomplishes this by eliminating a heightened or “alpha factor” of 1.4 for assessing counterparty credit risk for derivatives contracts with qualified commercial counterparties (the banking organizations term the alpha factor “a measure of conservatism”). According to Walt Lukken, President of FIA, “[t]his [new rule] will preserve access to derivatives for manufacturers, transportation companies and other commercial enterprises that use derivatives to hedge price risk.” (Click here for the full FIA statement in response to the new rule.) However, the Coalition for Derivatives End-Users expressed concern that the final rule implementing the standardized approach for calculating the exposure amount of derivatives contracts – known as SA-CCR – does not go far enough in helping end-users as the collateral recognition benefit only applies to cash collateral; according to the Coalition, most end-users do not post cash but use alternative forms of margining (e.g., liens and letters of credit; click here for details).
Separately, a proprietary trading firm consented to a sanction of US $100,000 by the Chicago Board of Trade for sending unintended bursts of invalid, non-actionable messages on five occasions during a one-hour period on November 17, 2017, that caused the exchange to disconnect the port through which the firm was sending the messages. The messages were transmitted, said the CBOT, because of a malfunction of the firm’s automated trading system. However, observed the CBOT, when the firm became aware that its ATS had connectivity issues, it continued to reconnect the ATS without reviewing the reason for the problem.
Christopher Wielgus was fined US $20,000 in aggregate by the CBOT and Chicago Mercantile Exchange and barred from trading on any CME Group exchange for three months for trading on nonpublic information regarding block trades he was solicited to execute prior to the time he consummated such trades, from January 2014 to July 2015. Mr. Wielgus apparently executed such trades to pre-hedge the transaction; pre-hedging block-trades prior to consummation was not permitted at the relevant time. (Click here for background on CME Group’s block trades pre-hedging authorization in the article “Pre-Hedging by Principals Authorized in Block Trade Clarification Implemented by IFUS and Adopted by CME Group” in the October 30, 2016 edition of Bridging the Week.)
For further information:
Another NY Trust Charter Granted for Virtual Currency Custodian and Execution Platform:
Banking Regulators Authorize Banks to Recognize Derivatives Customers’ Collateral in Assessing Capital Requirements:
Bitwise Bitcoin ETF to Be Reconsidered by SEC; Grayscale Seeks Registration of Bitcoin Trust:
CFTC Chairman Wants US to Lead in Blockchain Technology and Says Fintech Regulation Needs Principles Not Proscriptive Rules:
Fed Says Stablecoins Could Make Fiat Currencies Unstable:
Food Giants Request That Potential Penalty Be Capped at US $16 Million If Adverse Judgment of Manipulation Reached in CFTC Enforcement Action as Sanction for Agency’s Contempt:
Non-US National Criminally Charged for Hacking US Financial Institutions’ Computers to Steal Customer Funds and to Trade Securities Brokerage Accounts:
Ontario Securities Regulator Tries to Make It Easier for Market Participants to Conduct Business in Province:
SEC Awards US $60 Million to Whistleblower in FY 2019:
Singapore-Based Brokerage Company Sanctioned by NYMEX for Allegedly Not Following Block Trades Rules and Advising Employees Regarding Relevant Requirements:
Singapore Regulator Seeks Input to Authorize Derivatives Based on Payment Tokens to Be Traded on Authorized Exchanges:
UK Law Panel Says Cryptoassets Should Be Regarded as Property Under UK Law:
Voice Broker Fined US $3 Million by CFTC for Purported Recordkeeping and Supervisory Breakdowns:
The information in this article is for informational purposes only and is derived from sources believed to be reliable as of November 23, 2019. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made. Views of the author may not necessarily reflect views of Katten Muchin or any of its partners or employees.