The Commodity Futures Trading Commission recently clarified its expectations for the new annual reports required of the compliance officers at swap dealers and other registrants. Along with the first batch of annual filings, firms and industry groups have asked the CFTC’s Division of Swap Dealer and Intermediary Oversight for additional guidance on what should be included. The new advisory is intended to address some of those questions and concerns.
The CFTC adopted the reporting requirement for compliance officers as part of its ongoing efforts to bring the Commodity Exchange Act into conformance with Dodd-Frank Act requirements. The chief compliance officer of a swap dealer, major swap participant, or futures commission merchant must prepare and furnish to the board of directors, or a senior officer, an annual report addressing compliance activities for the most recently completed fiscal year. The report must include a certification by the CCO or Chief Executive Officer that the information is accurate and complete.
Each report must include the CCO’s description of the firm’s written policies and procedures (WPP), including the code of ethics and conflicts of interest policies. Because many regulations have multiple requirements, the CFTC generally advises CCOs to review each of them separately. That said, the guidance does say it may be appropriate to review closely related requirements together. While “know your counterparty,” “true name and owner,” and record retention requirements are distinct and should be reviewed individually, thematically related subsections could be reviewed together, provided the report makes that clear.
A number of reports already reviewed by the Division revealed shortcomings in addressing a requirement to assess the effectiveness of policies and procedures. Some provided only a general indication of effectiveness, while others focused heavily on external audits and reviews rather than describing the registrant’s own activities. While a narrative description of the processes used to assess the effectiveness of WPPs is important, details of the assessment methods used and conclusions reached for each requirement should also be provided. A conclusion of effectiveness is not necessarily a “yes” or “no” proposition and a rigorous assessment could include more nuanced conclusions, such as “partially effective” or “effective, but improvements will be made.”
To meet the requirement that CCOs discuss areas for improvement, recommend potential changes, and detail the resources devoted to compliance, the CFTC is looking for detailed discussions. There should also be continuity from one report cycle to the next. If a previous filing discussed planned improvements, subsequent ones should discuss the outcomes of those changes, any monitoring or testing of those changes, whether any compliance issues arose, and how those issues were handled. Reports should also include a list of any material changes to compliance policies and procedures during the coverage period of the report, with a description of the standard of materiality used.
CCOs are required to provide information that can be used to assess whether sufficient resources are dedicated to compliance. The Division recommends including the following information: total budget allocated to the compliance department, breaking down budgets for personnel, technology, training, and travel; full-time employee counts; partially allocated staff counts, with information on how much of each employee’s time is devoted to compliance matters subject to CFTC oversight; an explanation of managerial resources; and detailed infrastructure information (computers, technology, infrastructure). Registrants should also include a detailed description of the CCO and CEO’s prior experience and educational background what supports their roles in assessing compliance.
The annual report should contain a description of all material non-compliance issues that are identified. CCOs should consider including an overview of how the compliance department handles and tracks non-compliance events.
The guidance notes that the use of policy and procedure management software, while not mandated by any regulation, could provide registrants with a useful tool to aid in the identification of their WPPs, the mapping of each WPP to corresponding rules, tracking of any changes, and archiving previous policy versions.