Deanna Reitman, Of Counsel at DLA Piper, and Jesse Medlong, Associate at DLA Piper, explain the new guidelines trading companies will have to focus on prior to revising their compliance programs, as set out by the Commodity Futures Trading Commission.
The Commodity Futures Trading Commission, CFTC, announced on September 10 the publication of binding staff-level guidance for how the Division of Enforcement will review a registrant’s compliance program as part of an enforcement matter.
The CFTC’s recently issued penalty guidance directs enforcement staff to consider the “existence and effectiveness of the company’s pre-existing compliance program” and post-violation conduct such as the company’s “efforts to improve a compliance program” as mitigating circumstances when setting penalties. This newest guidance explains how the CFTC will conduct its review of compliance programs in the enforcement setting.
The guidance begins by explaining that CFTC review of a compliance program is to be guided throughout by a multifactor, risk-based analysis. That analysis includes consideration of whether the company’s compliance program is designed and implemented to achieve the key aims of preventing, detecting, and remedying the misconduct at issue.
Another consideration is whether the company reviewed and, if appropriate, revised the compliance program itself upon discovering the misconduct. The guidance then proceeds by setting forth the various considerations specific to each of the three key goals of prevention, detection, and remediation.
“The guidance helps companies understand how the CFTC will review their compliance programs in the context of enforcement.”
Firstly, with respect to prevention, the CFTC considers whether the company’s policies and procedures reasonably address the relevant misconduct and whether training reasonably addressed the type of misconduct at issue. It also considers whether the company’s failure to cure any previously identified deficiencies in the compliance program (particularly deficiencies identified in regulatory findings) contributed to, or failed to prevent, the misconduct. Whether the company had dedicated adequate resources to compliance is also evaluated, as are all aspects of the compliance function to determine whether they are sufficiently independent from the business functions.
Secondly, the CFTC will consider the processes and procedures the company uses to detect misconduct and whether, in the matter at issue, its compliance mechanisms independently detected the misconduct. Relevant considerations include the adequacy of the company’s internal surveillance and monitoring efforts, internal-reporting system and processes for handling complaints (including provisions for anonymous complaints and whistleblower protections), and procedures to identify and evaluate unusual or suspicious activity to determine whether any misconduct has occurred.
Finally, with respect to remediation, the CFTC considers what steps the company took, upon discovering the misconduct, to assess and address the misconduct, and whether any deficiencies in the compliance program may have permitted the misconduct or prevented its detection. This includes taking into consideration whether the company took sufficient and timely action to address the misconduct’s impact, including to mitigate and cure financial harm to others and to restore integrity to the relevant markets. It also examines whether and how the company disciplined those responsible for the misconduct, and identifies and addresses deficiencies in the compliance program that may have frustrated prevention and timely detection of the misconduct.
The guidance represents the most recent push in the CFTC’s efforts to ensure the transparency of its processes to registrants and the public generally. The compliance program is the cornerstone of a company’s policies and procedures for conforming with applicable laws and regulations, and the guidance helps companies understand how the CFTC will review their compliance programs in the context of enforcement.
Companies are well advised to focus on these considerations as they devise and revise their compliance programs going forward, and to seek experienced counsel to facilitate the process.