The JAC is a club of futures exchanges, in their capacities as self-regulatory organizations. Under a delegation of authority from the CFTC, the JAC monitors and examines member futures commission merchants for compliance with financial, reporting, and risk management requirements (including rules relating to segregation of customer funds) adopted by member SROs and the CFTC.
The JAC has issued a Regulatory Alert, 22-02, reminding member FCMs of their obligations under CFTC Regulation 1.11. It’s safe to infer that the Alert is based on compliance gaps detected in recent FCM regulatory exams by member SROs.
CFTC Regulation 1.11 requires an FCM to establish, maintain and enforce a system of risk management policies and procedures designed to monitor and manage the risks associated with the activities of the FCM. The regulation requires FCMs to maintain written policies and procedures that describe its Risk Management Program and that specifically address certain risks and risk tolerance levels. The RMP must provide for periodic risk exposure reporting, and include policies and procedures to monitor and manage segregation, operational and capital risks. An FCM’s RMP must also account for market, credit, liquidity, foreign currency, legal, operational, settlement, technological, capital, and any other applicable risks of the FCM. Further, the RMP must take into account risks posed by affiliates, all lines of business of the FCM and all other trading activity engaged in by the FCM.
JAC Alert 22-02 identifies several requirements that FCM Legal and Compliance personnel will want to confirm are adequately addressed in reviewing their Regulation 1.11 Risk Management Programs:
- An RMP must identify and include “all required elements including specific risks, risk tolerance levels, policies, procedures, processes, etc.” If a required element is addressed in a supplemental program or document, that program or document should be identified in and linked to the FCM’s RMP.
- Policies and procedures to monitor and manage segregation, operational and capital risks should adequately describe the internal processes and/or controls which address these risks. This may include specific reports or criteria to be reviewed or considered by FCM personnel when monitoring or managing these risks; specific actions, evaluations or reviews conducted; FCM personnel executing the processes or controls; documents reviewed or prepared; internal approvals required; and protocols for escalation of issues requiring regulatory notification.
- The RMP should be reviewed and tested on at least an annual basis or upon any material change in the business that is reasonably likely to alter the risk profile of the FCM.
- Annual training of all finance, treasury, operations, regulatory, compliance, settlement and other relevant officers and employees regarding segregation requirements, notice requirements under CFTC Regulation 1.12, procedures for reporting suspected breaches of policies and procedures to the Chief Compliance Officer, and consequences of failing to comply with segregation regulations.
Link to Regulatory Alert 22-02:
Link to CFTC Staff Advisory on FCM RMPs, No. 16-24: