The Director of the CFTC Division of Enforcement (the "Division") provided guidance for staff on assessing compliance programs when considering appropriate penalties or other sanctions. The guidance will be included in the CFTC Enforcement Manual and will be binding on Enforcement Division staff.
In the Memorandum, Division staff are instructed to undertake a "risk-based analysis" and to consider the type of entity involved, its role in the market, and the potential impact of its misconduct on customers or the market.
The guidance provides a framework for conducting compliance program review. The framework includes "whether the compliance program was reasonably designed and implemented to achieve three goals: (1) prevent the underlying misconduct at issue; (2) detect the misconduct; and (3) remediate the misconduct." The compliance program guidance described these elements:
- Prevention. The Division will evaluate (i) a company's written policies and procedures, (ii) the training of staff, supervisors and compliance personnel, (iii) any failure to address previously identified deficiencies, (iv) the adequacy of resources devoted to compliance, and (v) the independence of the compliance program from business functions.
- Detection. The Division will assess (i) the sufficiency of an organization's internal surveillance efforts, (ii) the organization's handling of complaints and its internal-reporting system, and (iii) the organization's procedures for identifying suspicious activity.
- Remediation. The Division will take into account the efforts of an organization to (i) successfully address the impact of the misconduct, (ii) "appropriately discipline" the responsible parties, and (iii) determine any deficiencies in the compliance program and address them.
In addition, the guidance requires staff to "consider whether, upon discovery of any misconduct, the compliance program itself has been reviewed and modified to address any deficiencies."
Commentary - Kyle DeYoung
The compliance guidance provides some welcome transparency into the Commission's enforcement decisions. Like the CFTC's penalty guidance issued in May (covered here), the guidance largely tracks the Commission's previous stated priorities and offers a principles-based approach, rather than setting out specific requirements that companies must meet. It is a useful guide for companies regulated by the Commission and provides a roadmap for the kind of questions that companies dealing with the Division of Enforcement will likely need to answer about their compliance programs.
- CFTC Guidance: Evaluating Compliance Programs in Connection with Enforcement Matters
- CFTC Press Release: CFTC Issues Guidance on Factors Used in Evaluating Corporate Compliance Programs in Connection with Enforcement Matters
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.