The CFTC's Enforcement Division Again Puts Market Participants on Notice About Its Expectations Concerning Compliance Programs
Continuing to press the message that implementing and enforcing an effective compliance program is a business imperative, not an optional “best practice,” on 10 September 2020, the Commodity Futures Trading Commission (CFTC) announced the issuance of public, staff-level guidance by the Division of Enforcement (Division), which outlines factors the Division will consider when evaluating compliance programs in connection with enforcement matters.1
As experienced white-collar and financial market enforcement practitioners know, the existence of a robust compliance program is a key factor in determining the outcome of an enforcement case, regardless of the underlying facts related to the conduct under investigation. According to the CFTC, the new guidance, which will be published in the agency’s Enforcement Manual, is the first of its kind issued by the Division. However, closer examination shows that the new guidance is the most recent in a series of reminders about how CFTC regulators view compliance programs and follows on the heels of the recent update of the CFTC’s civil monetary penalty guidance released in May 2020.2
The 10 September guidance is also indicative of a larger trend toward increased transparency and consistency in the evaluation of compliance programs across federal enforcement agencies. As we have written elsewhere, for example, the U.S. Department of Justice also has issued recent updates to guidance on how it evaluates corporate compliance programs.3
The Goal: A Culture of Compliance in Derivatives Markets
In announcing the new guidance, CFTC Chairman Heath P. Tarbert emphasized that the CFTC “depends on good corporate citizens, acting through compliance programs—as partners in furthering the integrity and resilience of our markets. It’s in both the agency’s interest and the interest of compliance personnel that the Commission is clear about how and what we’ll evaluate.”4 Division of Enforcement Director James McDonald stated that “[t]he ultimate goal of our enforcement program is to deter bad behavior and foster a culture of compliance in our markets …. Effective corporate compliance programs are a necessary part of that effort. This guidance will help both Division staff in evaluating a corporate compliance program and companies seeking to cultivate a culture of compliance for their businesses.”5 This goal must be kept in mind as market participants design and implement compliance programs on an ongoing basis.
Compliance Programs – Design and Implementation Objectives
The new guidance directs Division staff to consider whether a compliance program was reasonably designed and implemented to:
(1) prevent the underlying misconduct at issue;
(2) detect the misconduct; and
(3) remediate the misconduct.6
Significantly, according to the 10 September guidance, “[t]he Division will further consider whether, upon discovery of any misconduct, the compliance program itself has been reviewed and modified to address any deficiencies.”7 Thus, not only will the Division consider whether the compliance program was reasonably designed and implemented to prevent and detect the underlying conduct, the Division will also evaluate whether discovery of the conduct caused the company to proactively examine and update existing internal controls so as to forestall future violations. Also, “the Division will conduct a risk-based analysis, taking into consideration a variety of factors such as the specific entity involved, its role in the market, and the potential market or customer impact of the underlying misconduct.”8 Among other factors, the penalty guidance directs Division staff to consider any relevant mitigating or aggravating circumstances, including “the [e]xistence and effectiveness of the company’s pre-existing compliance program” and post-violation “efforts to improve a compliance program.”9
Prevention of Misconduct
In this context, factors to guide Division staff in evaluating a compliance program’s ability to prevent misconduct may include:
- The written policies and procedures in effect;
- The training of staff;
- A failure to cure any previously identified deficiencies;
- Adequate resources; and
- The structure, oversight, and reporting of the compliance function.
Detection of Misconduct
Factors that relate to the compliance program’s ability to detect the underlying misconduct may include:
- Internal surveillance and monitoring efforts;
- The organization’s internal-reporting system and handling of complaints; and
- Procedures for identifying and evaluating unusual or suspicious activity.
Remediation of Misconduct
Finally, Division staff will also take into account steps the company took to remediate following discovery of the underlying conduct, including steps taken to assess and address both the misconduct and any deficiencies in the compliance program that may have permitted the misconduct to occur. In considering remediation, Division staff will focus on whether the company:
- Effectively addressed the impact of the misconduct;
- Appropriately disciplined the individuals responsible for the misconduct; and
- Identified and addressed any deficiencies in the compliance program itself.
The CFTC’s Guidance Coincides With Other Regulator Guidance
The CFTC, CME Group,10 and ICE Futures U.S.,11 as well as other regulators such as the SEC and enforcement agencies like the Department of Justice have published guidance on their expectations with respect to corporate compliance. Enforcement agencies have clearly communicated through these various policy statements and publications that traders, and those who are legally responsible for traders’ conduct, must be invested in corporate compliance. Market participants must be invested in their design and implementation of compliance programs, both in order to prevent misconduct but also to put their best foot forward in the event of regulatory investigations or enforcement actions. The regulators see a failure to implement and enforce a well-designed compliance program as a failure to supervise, which in many contexts may itself constitute a rule violation. It is imperative that companies engage in an earnest and searching risk analysis, and design a compliance program that will stand up to harsh hindsight scrutiny.
Putting the Guidance into Action
The benefits of a proactive and robust compliance program are significant. Abiding by the CFTC’s new guidance to empower and resource a proactive corporate compliance program may result in mitigation of monetary penalties and post-resolution compliance obligations. Even if a company is never the target of a government investigation, a vibrant compliance program is an important part of any well-run corporation. Compliance departments and in-house legal departments should do their best to ensure that their budgets include substantial resources to support a dynamic, evolving, and risk-conscious compliance program that coincides with their business.
Lawyers from K&L Gates regularly counsel clients with respect to the design, evaluation, and implementation of corporate compliance programs. For more information regarding this client alert, do not hesitate to contact the authors or any other member of either the firm’s investigations, enforcement, and white collar practice group or the asset management and investment funds practice group.
This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.