CFTC Amends Recordkeeping Requirements

Introduction
On May 23, 2017, the Commodity Futures Trading Commission (“CFTC” or “Commission”) adopted amendments to its general regulations regarding the retention and production of regulatory records, which are set forth in CFTC Regulation 1.31 adopted under the Commodity Exchange Act (the “Act”). [1]  The CFTC’s goals were to make these regulations more flexible and technology-neutral so that a person required to maintain records, which the CFTC refers to as a “records entity,” can take advantage of enhancements in information technology.  The amendments eliminate outmoded technical requirements that had applied to electronic regulatory records, including:  (1) that they be kept in their native file format; (2) that they be preserved in a nonrewritable, nonerasable format, known more commonly as the ‘‘write once, read-many,’’ or ‘‘WORM’’ requirement; and (3) that records entities enter into an arrangement with a third-party technical consultant capable of furnishing electronic regulatory records to regulators promptly upon request.  In response to comments, the CFTC revised its proposed amendments [2] (1) regarding the definition of “regulatory records,” (2) by deleting a provision that would have required specific written policies, procedures, and training regarding records, (3) by deleting a provision that would have required a records entity to establish systems that maintain the “chain of custody elements” of electronic regulatory records, and (4) by reducing the retention period for electronic pre-execution communications regarding swaps.  The amendments will become effective on August 28, 2017.

Changes to the Proposal

Regulatory Records
The CFTC specifically requested comment on whether it should define the term “metadata,” i.e., data about data.  The CFTC decided not to define metadata at this time, a view supported by most commenters, and stated that the “definition of ‘regulatory record,’ i.e., all data produced and stored electronically describing how and when [required] books and records were created, formatted, or modified, is sufficient.” [3]  The CFTC also clarified “that a records entity only has the obligation to maintain data about a regulatory record after it is created and not about the record before it becomes a regulatory record,” so a records entity need not retain drafts made while creating a record. [4]

Policies and Procedures
The CFTC decided not to adopt a specific provision regarding policies and procedures for regulatory records.  The CFTC proposed to require each records entity to establish, maintain, and implement written policies and procedures reasonably designed to ensure compliance with Regulation 1.31.  As proposed, the written policies and procedures would have required appropriate training of officers and personnel of the records entity regarding their responsibility for ensuring compliance with Regulation 1.31, and regular monitoring of such compliance.  The CFTC stated that Regulation 1.31 sets forth the form and manner in which regulatory records must be kept, the retention period for various types of regulatory records, and the standards for production of regulatory records, and thus, as many commenters suggested, written policies and procedures are unnecessary. [5]

Form and Manner of Retention
The CFTC proposed to adopt additional controls regarding electronic regulatory records to ensure their authenticity.  One of these was a requirement that a records entity establish “[s]ystems that maintain the security, signature, chain of custody elements, and data as necessary to ensure the authenticity of the information contained in electronic regulatory records and to monitor compliance with the Act and Commission regulations.” [6]  The CFTC adopted the additional controls, but decided, in response to comments, to delete the “chain of custody” phrase, concluding that the phrase would cause confusion because it currently exists as a legal evidentiary standard and that the concept is adequately covered under the definition of regulatory records. [7]  The CFTC also clarified the last portion of that provision, noting “that the requirement is to establish systems that maintain the security, signature, and data regarding electronic regulatory records to ensure that the records entity can monitor compliance with the Act [and] is not a stand-alone obligation to ‘monitor compliance with the Act and Commission regulations.’” [8]

Duration of Retention
Regulation 1.31 has generally required that records be maintained for a period of five years and be readily accessible during the first two years of that five-year period. 

The CFTC determined that electronic regulatory records must be readily accessible for the duration of the required recordkeeping period, not just during the first two years.

In addition, records related to swaps generally have been required to be maintained during the life of the swap and for five years thereafter, but records of oral pre-trade communications for any commodity interest (futures and options on futures, as well as swaps), as described in CFTC Regulation 1.35(a)(1)(iii), need only be maintained for one year.  The CFTC specifically incorporated the retention period for records related to swaps into Regulation 1.31, thereby permitting the CFTC to make a technical change to delete the redundant retention periods for swap dealer records from CFTC Regulation 23.203(b).

Further, the CFTC determined to make an additional revision to the Proposal regarding certain swaps records.  Swap dealers will only be required to maintain electronic pre-execution written communications records for five years from their creation, a change from the current standard of the duration of the swap plus five years. [9]

Applicability
The CFTC states that the amendments to Regulation 1.31 “[do] not override other methods of maintaining records that may be specified elsewhere in the Act or other Commission regulations.  Thus, commercial end-users that are records entities, for example, may continue to maintain records in accordance with their current practices if such are permitted by the Act, Commission regulations, or existing relief or guidance.” [10]  

The CFTC reiterated that a records entity includes any person required to maintain records under the Act or CFTC regulations, even if that person is not required to register under the Act. [11]  The CFTC also noted that, even if a records entity uses a third-party recordkeeper, “[i]t is ultimately the duty and responsibility of records entities to ensure accurate and reliable records [and] that registrants are subject to a duty to diligently supervise all activities relating to its business as a Commission registrant, pursuant to [Regulation] 166.3.” [12]

The CFTC confirmed that the amendments to Regulation 1.31 do apply to existing records, but given that the amendments are designed to maintain or reduce regulatory burdens, the CFTC believes that the amendments do not impose any additional costs on records entities. [13] 

Issues Not Addressed
The CFTC did not address the requests of certain commenters for amendments to the recordkeeping requirements for commodity pool operators and commodity trading advisors in Part 4 of the CFTC’s regulations, or for additional guidance regarding requests for source code information, [14] deeming both requests outside the scope of its rulemaking.

Conclusion
The CFTC’s amendments to Regulation 1.31 should provide records entities with greater flexibility in how they maintain records and prevent the regulation from becoming outmoded as information technology continues to evolve.  Although the CFTC did not adopt all of the suggestions of commenters, it may have an opportunity to reconsider some of them as part of other rulemakings or Project KISS, the ongoing agency-wide review of regulations and practices intended to make them simpler, less burdensome, and less costly.