Tread with Caution: New CFTC Enforcement Advisory on Penalties, Monitors and Admissions Portends Increased Compliance Costs for Industry

It is no longer just lions, tigers and bears Dorothy needs to be fearful of, but if she is a potential defendant in a CFTC enforcement action, she must also now worry about potential higher fines (especially if she is recidivist), imposition of third-party monitors, and mandatory admissions of facts and/or violations of law to obtain a settlement under a CFTC Division of Enforcement (DOE) Advisory issued on October 17, 2023.

The Advisory’s publication coincided with Ian McGinley, Director of DOE, speaking at New York University School of Law's Program on Corporate Compliance and Enforcement, where he addressed a crowd of industry practitioners, CFTC Commissioner Christy Goldsmith Romero[1] and other interested parties. In his prepared remarks, Director McGinley noted that he intends to “dispel this myth” that the CFTC is “friendly” when it comes to enforcement.

Under the new Advisory, DOE may recommend higher civil monetary penalties in cases involving “recidivist” offenses (i.e., where the same respondent has been the subject of previous CFTC actions on the same or similar regulatory violation(s) within a certain period of time), and will consider, among other things, the overlapping nature of the prior and current CFTC actions, the time between offenses, whether overlapping management was involved, the pervasiveness of the new misconduct, and the robustness and effectiveness of remediation, if any, taken and maintained since the prior resolution.

Director McGinley explained that entities will be deemed to be engaged in “recidivist” offenses when the violations involve the same root cause. As an example, Director McGinley noted that an entity with a prior reporting violation would not be deemed to be a “recidivist” entity if the new violation involved recordkeeping failures. Director McGinley also clarified that when determining appropriate penalties for “recidivist” offenses, DOE may consider an entity’s remedial actions since the prior finding of violation, including but not limited to employee termination and/or reorganization, retraining and increased staffing.

However, questions remain regarding DOE’s interpretation of “recidivism” under the Advisory. For example, it is unclear whether supervision failures, which are a common charge in a substantial number of CFTC enforcement actions, will be deemed to be repeat offenses, even when the type and nature of the underlying violative conduct in the new action may be fundamentally different from a previous action involving the same respondent.

Additionally, the Advisory notes that DOE will now formally recommend the use of monitors (i.e., third-party entities approved by the CFTC) in certain cases to test and report to the CFTC the sufficiency of remediation plans imposed in consent orders. Previously, the CFTC had imposed the use of monitors in a few enforcement actions, including one such action announced at the end of September.[2] In situations where a respondent preemptively hires a third-party consultant to assist with its remediation plans, the Advisory notes that DOE staff likely may not recommend a third-party monitor but instead will allow the respondent to use its own consultant to assist with its remediation. 

Although Director McGinley claimed that the imposition of a monitor is not intended to be a punitive measure, the Advisory notes that a monitor will be imposed “in cases involving the most significant and/or pervasive compliance and control failures.” As a result, the imposition of a monitor may nevertheless be viewed by industry participants and the public at large as a negative assessment by the CFTC of a respondent’s existing compliance framework.

Moreover, at the end of a monitor’s engagement, the monitor and one or more officers of a respondent would have to certify that the respondent has completed the remediation plan laid out by the monitor. The formality of preparing a certification and the consequences of the CFTC later challenging the accuracy of a certification could substantially drive up the costs to a respondent of engaging a monitor. 

Finally, in a significant departure from the historical approach that “no-admit, no-deny” resolutions are the default, going forward, the Advisory provides that DOE will, in each case, conduct a facts-and-circumstances analysis to determine whether admissions or the civil equivalent of a guilty plea, is appropriate. Factors DOE will consider include, among other things, whether the respondent is entering into a parallel criminal resolution, whether there is a realistic risk of criminal exposure arising from the act of admitting the misconduct, and whether there is a legitimate factual dispute where DOE is persuaded the respondent faces significant litigation risk establishing the fact at trial.

Although the new Advisory provides market participants some clarity regarding the factors and considerations that affect and determine the ultimate outcome of CFTC enforcement actions, it also raises potentially challenging questions for firms and individuals when deciding on the best course of action to take in (1) deciding whether to self-report potential violations to DOE or other CFTC staff and (2) attempting to mitigate enforcement risk and/or potential penalties imposed by the CFTC. 

For example, it remains unclear exactly how DOE’s new approach to admissions under the Advisory will affect and interact with DOE’s existing guidance on self-reporting and cooperation, which provides that in assessing the appropriate level of cooperation “credit” in an enforcement action (i.e., in the form of reduced penalties), DOE may take into account, among other things, “[w]hether the company has admitted or otherwise demonstrated an acceptance of responsibility for its past misconduct.” Although Director McGinley said that he views the new approach to admissions and the existing guidance on cooperation credit to be “fairly separate inquiries,” it is not immediately clear whether (or under what circumstances) a respondent may receive cooperation credit, if any, for admissions imposed by DOE pursuant to the Advisory.

Further, although senior DOE staff during a Q&A panel following Director McGinley’s remarks indicated that one of the potential benefits to self-reporting is that the self-reporting entity has the opportunity to frame the facts as presented to DOE, questions remain regarding such purported benefits, as even under the most favorable of circumstances, respondents in enforcement actions practically often have little to no control over the enforcement narrative and how facts are ultimately portrayed in resolutions. Given DOE’s increasingly aggressive enforcement posture and in light of the new Advisory, the perceived risks of self-reporting could outweigh the potential benefits accruing to a respondent, particularly when the benefits are exceedingly difficult to anticipate at the outset and measure with any degree of certainty.

Ultimately, the Advisory puts market participants on notice of the CFTC’s increasingly aggressive approach to enforcement and likely portends increased compliance costs across the industry for firms and individuals.

[1] Commissioner Romero issued a statement in support of the Advisory, available here. In her statement, Commissioner Romero noted, among other things, that recidivism, which is “often a signal of a broken culture of compliance,” has “gotten worse in regulated financial services.”

[2] In the Matter of Goldman Sachs & Co. LLC, CFTC Docket No. 23-60 (Sept. 29, 2023).