Managing money and finding alpha is never easy. In addition to tough trading and market conditions, fund managers must also address cybersecurity risks.  Cyber-attacks against large banks generate most of the headlines, but asset managers are also targeted.  According to a 2015 report by the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations, 74% of registered investment advisors surveyed by the SEC have experienced cyber-attacks, either directly or through their vendors.

With malware, ransomware and other cyber-attacks becoming more sophisticated, fund managers could suffer bigger losses from a data breach than a bad trade”

Given the elevated data privacy risks, private equity and hedge fund managers, together with their technology, legal and compliance teams, should protect themselves against cyber-attacks and comply with SEC, Commodity Futures Trading Commission and National Futures Association regulations by undertaking a five step plan that includes designating a chief information security officer, assessing risk, maintaining written policies and procedures, developing cybersecurity controls and developing a comprehensive information security program.

Our summary of cyber-risk management and compliance procedures appear in the July – September 2017 issue of Risk & Compliance Magazine, a publication of Financier Worldwide.  Please click on the link to read the article: Cybersecurity for Investment Managers.

On February 23, 2017, the European Supervisory Authorities (ESAs) announced that neither the ESAs nor competent authorities (CAs) would provide over-the-counter (OTC) derivatives dealers subject to European Market Infrastructure Regulation (EMIR) with relief from the March 1, 2017 deadline to implement variation margin (VM) requirements. However, due to difficulties faced by small counterparties, and for consistency with the guidance issued by the U.S. banking agencies, the ESAs expect CAs to generally apply a risk-based approach in their day-to-day enforcement of VM requirements after March 1.  CAs will require European dealers to take into account counterparty exposures and risk of default, document their steps taken toward full compliance and put in place alternative arrangements to contain risk, such as using existing Credit Support Annexes to exchange VM.  The ESAs and CAs make clear that their risk-based approach does not entail a general forbearance, but that CAs will make a case-by-case assessment on the degree of a dealer’s compliance and progress.  In any case, the ESAs and CAs expect EU derivatives dealers to finalize all necessary documentation before September 1, 2017 and that OTC transactions entered into on or after March 1, 2017 will remain subject to VM obligations for non-centrally cleared derivatives under the EMIR Regulatory Technical Standards.

The European regulators made their announcement on the same day as the Federal Reserve Board (FRB) and Office of the Comptroller of the Currency (OCC) issued guidance for U.S. swap dealer banks.  On February 23, 2017, the FRB and OCC required U.S. swap dealer banks to be in full compliance with their VM requirements by March 1, 2017 for counterparties with significant exposures.  But for swap counterparties without significant exposures, the FRB and OCC expect swap dealer banks to make good faith efforts to comply with the final rule by September 1, 2017.  The FRB and OCC didn’t provide any definitions for significant exposures.

With guidance from the ESAs, CAs, FRB and OCC, as well as the announcement by the Japanese Financial Services Agency that it will delay VM requirements for Japanese dealers applicable to cross-border trades with counterparties in jurisdictions where VM requirements have not yet been implemented, only the Canadian regulators have yet to announce transitional measures or no-action relief.  The U.S. Commodities Futures Trading Commission, plus regulators in Australia, Hong Kong and Singapore elected to provide no-action relief from VM requirements until September 1, 2017 for dealers under their jurisdiction.  Let’s hope global regulators can use the next six months to agree on a consistent framework for VM requirements.  Without such harmonization, global markets could further fragment and liquidity in key OTC derivative products, such as foreign exchange swaps and forwards, could be reduced.  Risk-based approaches are good, but harmonized regulation is better.

U.S. swap dealer banks received much needed breathing room, but not complete relief from the March 1, 2017 variation margin (VM) deadline for swaps and security-based swaps. On February 23, 2017, the Federal Reserve Board (FRB) and Office of the Comptroller of the Currency (OCC) recognized that, considering the scope and scale of documentation and operational changes necessary for swap dealer banks to achieve effective compliance for each of its non-cleared swap transactions, FRB and OCC examiners will focus on the bank’s good faith efforts to comply with the VM requirements, as soon as possible, but in no case later than September 1, 2017.

Significant Exposures

However, for swap counterparties that present significant exposures, the FRB and OCC expect swap dealer banks to be full compliance with the VM requirements by March 1, 2017. The FRB and OCC didn’t define what may constitute significant exposures.  For swap counterparties without significant exposures, the FRB and OCC expect swap dealer banks to make good faith efforts to comply with the final rule by September 1, 2017.  Swap dealer banks should prioritize compliance efforts based on the size of and risk inherent in the credit and market risk exposures presented by each counterparty.  Furthermore, banks must establish governance processes that assess and manage their current and potential future credit exposure to non-cleared swap counterparties, as well as any other market risk arising from such transactions.   The FRB and OCC indicated that their examiners will consider the bank’s implementation plan, including actions taken to update documentation, policies, procedures and processes, as well as its training program for staff on how to handle technical problems or other implementation challenges.

Impact on the Buy Side

The FRB and OCC announcement is important because the largest swap dealers are affiliated with U.S. banking institutions and most counterparties should not present significant exposures to banks affected by the guidance. While the FRB and OCC elected not to provide complete relief, the bank regulatory announcement is critical because the six-month VM rule grace period from the Commodity Futures Trading Commission only covered smaller non-bank and energy swap dealers.  Hopefully, European and Canadian regulators will follow their colleagues in the United States, Australia, Singapore and Hong Kong in postponing their VM deadlines to September 1, 2017.  Without global coordination of VM rules and deadlines, market participants could suffer from decreased liquidity and market fragmentation.  To prevent such trading disruptions, financial end users and other buy-side counterparties must continue to work diligently to establish VM compliant documentation with their dealers as soon as possible.

On February 13, 2017, the U.S. Commodity Futures Trading Commission (CFTC) issued time-limited no-action relief providing a six-month grace period for certain swap dealers to come into compliance with the variation margin rules that are set to come into force March 1, 2017.  As CFTC Acting Chairman Giancarlo noted, as much as 90 percent of financial end-users in-scope under the rules are not ready to meet the new requirements.

Global systemic risk is not reduced by the abrupt cessation of risk hedging activity by American life insurance companies and retirement funds at a time of enormous changes in financial rates and global asset values. This action by the CFTC does not change the scheduled time of arrival for the agreed margin implementation. It just foams the runway to ensure a safe landing.”  – CFTC Acting Chairman Giancarlo

The CFTC’s relief will primarily benefit smaller swap dealers and energy companies registered as swap dealers.  While the relief contains certain conditions, these are not generally onerous. The relief is similar to that provided by regulators in Australia, Singapore and Hong Kong.

However, U.S. prudential regulators and European regulators have yet to issue similar relief.  Given that many of the largest swap dealers are subject to rules issued by the U.S. banking agencies, the Federal Reserve Board, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency, the relief issued by the CFTC will do little to prevent last-minute trading disruptions or market fragmentation if the U.S. banking regulators do not follow suit.  Further, European dealers are subject to variation margin rules promulgated by European regulators under EMIR.  European regulators have yet to issue any final relief, although they have made noises indicating that such relief is being considered.  In short, the CFTC’s relief will have limited benefit to impacted market participants if these other regulators do not follow suit before March 1.

Over the past decade, electronic trading and the use of automated code or algorithms to generate orders with execution times consisting of microseconds or milliseconds, otherwise known as high frequency trading, has largely replaced human floor brokers and market markers.  High frequency trading is now being reviewed by the SEC and is the subject of the CFTC’s proposed Regulation Automated Trading.  Derivations recently published an article examining high frequency trading’s risks to securities and derivatives markets, as well as potential benefits in the form of lower overall trading costs and improved resilience due to enhanced pre-trade risk controls and system safeguards.  Our article appears in the January – March 2017 issue of Risk & Compliance Magazine, a publication of Financier Worldwide.  Please click on the link to read the article: High Frequency Trading.The Path Forward for Market Liquidity and Stability.

Derivatives traders and lawyers are focused on March 1. Not for any basketball tournaments, but for the variation margin (VM) big bang.  From March 1, 2017, swap dealers and financial end-users will be required to exchange VM on uncleared swaps.  To comply with the applicable VM rules, swaps dealers and financial end users will need to amend their derivatives documentation, including credit support annexes (CSAs).  ISDA created the 2016 VM Protocol (the VM Protocol) to provide a documentation solution that complies with the U.S. banking prudential regulator and Commodity Futures Trading Commission (CFTC) VM rules, as well as similar rules in Canada, Japan and under European Market Infrastructure Regulation (EMIR).  In addition to selecting the relevant jurisdictions required for compliance, counterparties can elect to:

  1. Amend existing master agreements to add new CSAs for VM on terms determined by the VM Protocol.
  2. Amend existing master agreements and CSAs to cover new transactions (but not trades entered into before March 1, 2017) by creating a replica of their existing CSA and then amending it to comply with the jurisdictions selected.
  3. Amend existing CSAs in order to comply with the jurisdictions selected (which would cover all transactions under the master agreements).
  4. Create new ISDA 2002 Master Agreements (using agreed-upon boilerplate terms) with new compliant CSAs.

While the VM Protocol is quite flexible and can satisfy applicable VM requirements in the US, Canada, Europe and Japan, many market participants have elected to not use the VM Protocol. Rather, many participants have decided to negotiate new or amended CSAs on a bilateral basis. Considering that it often takes months to negotiate a single CSA, and that thousands of counterparties will be required to exchange VM on March 1, derivatives lawyers for swap dealers and investment managers are working diligently to finish the new documentation in time.

But, What If…?

If a substantial number of counterparties have not executed bilateral compliant CSAs or adhered to the VM Protocol by March 1, they will not be able to trade uncleared swaps. This could disrupt global swap markets by reducing liquidity and increasing risk by preventing market participants from hedging existing positions.  The easiest solution would be for the CFTC and other global regulators to postpone the March 1 deadline.  Hong Kong and Singapore have already announced a six month phase-in period for counterparties to continue to negotiate compliant documentation.  Australia has also postponed the deadline to September 1, so long as all transactions executed from March 1 are subject to VM requirements by September 1.  Unfortunately, the European Commission may be unwilling or unable to push back the March 1 effective date for the EMIR VM standards.  This could put acting CFTC Chairman Christopher Giancarlo in a difficult position. Chairman Giancarlo has emphasized the importance of harmonizing global derivatives regulation, particularly to prevent market fragmentation.

I am especially concerned that smaller firms, including American pension and retirement funds, may not be able to get their documentation done in time. If they do not, they will be abruptly forced to stop hedging their portfolios at a time of enormous changes in financial rates and global asset values.” – Acting CFTC Chairman Christopher Giancarlo


The CFTC could decide not to provide relief in order to maintain consistency with the EMIR VM standards.  The CFTC elect to provide short-term transitional period of relief, much as it did on September 1, 2016 for large swap dealers to complete the custodial arrangements needed to comply with the initial margin requirements applicable to dealers (the 2016 Relief).  However, the 2016 Relief was implemented at the last minute and offered only a 30-day period for a small number of dealers to complete less complex documentation.  Given that the VM rules have a global impact and the upcoming March 1 deadline will affect a much larger set of counterparty relationships, the most practical way forward would be for the CFTC to work with European and Asian regulators to push-back the March 1 deadline to September 1, 2017, or implement a six-month phase-in period.  Hopefully, with the post-election changes at the CFTC, U.S. regulators will have more flexibility to harmonize derivatives regulation than they did under the prior administration.  Let’s hope that U.S. and global regulators can agree on a consistent approach.  Otherwise, the March 1, 2017 VM big bang will cause March madness.

On January 12, 2017, the Commodity Futures Trading Commission (CFTC) proposed to amend its recordkeeping requirements set forth in Regulation 1.31.  The CFTC’s proposed amendments are intended to implement advances in information technology and adopt technologically neutral rules that anticipate developments such as blockchain or distributed ledger technology.  CFTC Regulation 1.31 currently requires that “all books and records … be kept in their original form (for paper records) or native file format (for electronic records) for a period of five years from the date thereof and shall be readily accessible during the first two years of the five-year period.”

In this age where terabytes of storage easily fit in one’s pocket, our rules should not refer to microfiche or require paper records.” – CFTC Chairman Massad

The CFTC’s proposed amendments would modernize recordkeeping requirements by making Regulation 1.31 principles-based. The CFTC would accomplish this by replacing references to “books and records” with “regulatory records” and clarifying that regulatory record means all books and records …, including any record of any correction or other amendment to such books and records; provided that, with respect to such books and records stored electronically, regulatory records shall also include all data produced and stored electronically that describes, directly or indirectly, the characteristics of such books and records, including, without limitation, data that describes how, when, and, if relevant, by whom such electronically stored information was collected, created, accessed, modified or formatted (i.e. data about data or “metadata”).  According to the CFTC, the ability to access a trader’s metadata is integral to its inspection and investigative functions. Finally, given the new principles-based definition of regulatory records, the CFTC proposed to remove the existing requirement to preserve records exclusively in a non-rewritable, non-erasable format (i.e. “write once, read many”, or “WORM” format) and delete the technologically-ancient definitions of “native file format”, “micrographic media”, and “electronic storage media.”  End users and buy-side firms have found compliance with the CFTC’s WORM requirement to be burdensome.  Eliminating the need to store records in a dated WORM format should result in substantial cost savings.

The CFTC’s proposal would not change recordkeeping time periods and would also retain requirements to establish written policies and procedures for recordkeeping obligations, including appropriate training of officers and personnel responsible for ensuring compliance with recordkeeping rules. However, the amendments would modernize recordkeeping and storage obligations and pave the first step in a regulatory path forward for market participants to realize one of the benefits of blockchain technology.  The CFTC proposed amendments would also further align Regulation 1.31 with the SEC’s technology neutral recordkeeping obligations for broker-dealers under SEC Rule 17a-4 and investment advisors under SEC Rule 204-2(g).  In sum, the CFTC’s proposed amendments should reduce compliance burden, provide for more regulatory consistency and help facilitate the development of blockchain and other innovations in financial technology.

The inauguration of Donald Trump as President, together with the Republican majority Congress, will trigger changes at the SEC and CFTC in 2017.   SEC Chair Mary Jo White is expected to step down in early 2017 and Michael Piwowar will likely become the acting Chair until the SEC elects a new permanent Chair.  Kara Stein, a Democrat, is presently the third SEC Commissioner.  The SEC currently has two vacant Commissioner seats.  In 2015, Barack Obama nominated a Republican and a Democratic candidate for the vacant SEC seats, but the Senate did not confirm the candidates.  The Trump administration will surely select new candidates in 2017 which will likely face a less contentious confirmation process before the Republican majority in the Senate.  The turnover at the SEC may further delay security-based swap Dodd-Frank rulemaking.

The CFTC will undergo a similar transition. In January 2017, CFTC Chairman Timothy Massad will likely step down and be replaced by CFTC Commissioner Christopher Giancarlo.  Currently, Chris Giancarlo is the only Republican CFTC Commissioner.   Sharon Bowen, a Democrat, is presently the third CFTC Commissioner.  Just like the SEC, the CFTC has two vacant Commissioner seats which the Obama administration was unable to fill.  After January 20, 2017, the Republican Party will hold three out of the five CFTC Commissioner seats.  With a majority of Republican CFTC Commissioners and a Republican controlled Congress, the potential impact on CFTC Dodd-Frank rulemaking, including perhaps on the implementation of swap margin requirements and adoption of the controversial Regulation Automated Trading, can’t be understated.

The changes at the SEC and CFTC may be magnified by leadership decisions for important committees in Congress. In the House of Representatives, Rep. Mike Conaway (R-Texas) may continue on as chairman of the House Agriculture Committee and Rep. Jeb Hensarling (R-Texas), author of the Financial CHOICE Act of 2016 (which would, among other things, roll-back parts of Dodd-Frank Act and repeal the Volcker Rule) will likely remain chairman of the powerful House Financial Services Committee. However, Rep. Scott Garrett (R-N.J.), current chairman of the Financial Services Subcommittee on Capital Markets and Government-Sponsored Enterprises was not re-elected.  It’s unknown who may rise to lead the subcommittee.  In a year that saw the Chicago Cubs win the World Series and a reality television star be elected President, the only certainties for derivatives traders, will be regime changes at the SEC and CFTC, and more regulatory uncertainty in 2017.

Most derivatives and capital market lawyers usually spend more time worrying about the price of avocados than Constitutional law issues.  Hungry lawyers now have reason to be concerned about the rights of derivatives market participants under the 4th and 5th Amendment under the U.S. Constitution.  The 4th Amendment prohibits unreasonable searches and seizures by governmental agencies.  The 5th Amendment, among other things, affords due process of law which requires notice and an opportunity to be heard.  Because of the 4th and 5th Amendment protections, government agencies generally must seek a subpoena issued by a court before they can search or seize property.  The Commodity Futures Trading Commission (CFTC) has proposed a new rule that could require traders to hand over their intellectual property (IP) to the government without a subpoena.

On December 17, 2015, the CFTC published a notice of proposed rulemaking (NPRM) to improve regulation of automated trading of listed derivatives on designated contract markets (DCMs) (collectively, Reg AT).  The NPRM for Reg AT includes a number of important risk controls and other safeguards intended to enhance the safety and soundness of electronic derivatives trading.  The NPRM also proposes that traders must create a source code repository for its trading algorithms in accordance with the CFTC’s basic recordkeeping requirements under Regulation 1.31.  This raises Constitutional issues because, under the NPRM, the CFTC would not be required to obtain a subpoena to inspect a trader’s source code.

A trader’s source code is best defined as a collection of computer instructions as they are originally written (i.e., typed into a computer) in plain text (i.e., human readable alphanumeric characters) comprising executable software capable of exercising discretion over an order on the production environment of a DCM without human intervention.  In this context, discretion means the ability to (i) submit, modify, or cancel the order and (ii) determine and set the relevant order details submitted to the DCM.  Source code is a trader’s valuable IP that forms the basis of a trader’s present and future trading strategies.  Public disclosure of a trader’s IP could result in a substantial economic loss.  Forced disclosure of IP should not be taken lightly.  Given the Constitutional law issues and potential risks created by disclosing source code, the CFTC sought further comment on its NPRM for Reg AT.

On November 4, 2016, the CFTC published a Supplemental Notice of NPRM on Reg AT (Supplemental Notice) to address comments received from market participants.  The CFTC’s Supplemental Notice acknowledged concerns over source code disclosure and proposed additional limits to the CFTC’s access to a trader’s source code.  Under the Supplemental Notice, the CFTC could only gain access to a trader’s source only via a subpoena or through a new CFTC “special call”.  The Supplemental Notice doesn’t provide much detail on the “probable cause” required by the CFTC to approve a special call or for traders to be afforded notice or an opportunity to be heard.  The Supplemental Notice does require the CFTC to maintain in confidence any records turned over to the CFTC pursuant to a special call.  The records protected under a special call include data and information that would separately disclose the market positions, business transactions, trade secrets or names of customers of any person.  Unfortunately, the CFTC’s technical ability to maintain the data privacy of a trader’s source code or other records is uncertain.

The CFTC’s disregard for the Constitutional issues triggered proposed Reg AT is troubling. No other governmental agencies can require market participants to disclose IP without a subpoena or similar judicial process.  If a farmer developed a genetically modified avocado that’s always ripe and never turns brown when made into guacamole, the Food & Drug Administration can’t require the farmer to turn over the IP behind a genetically engineered avocado.  The genetic code for the super-avocado is the farmer’s IP, and although it may sound like a silly example, the issues at stake are serious.  Under Reg AT, as currently proposed, the CFTC could have access to IP that no other government regulator currently has.  More crucially, the NPRM and Supplemental Notice for Reg AT jeopardize fundamental rights under the 4th and 5th Amendments because the proposed rules don’t provide market participants with due process.  Regardless of whether the government seeks IP related to avocados or source code, derivatives lawyers should consider the Constitutional issues at stake and prevent the CFTC from demanding that traders hand over their IP or other property without a subpoena.

On November 1, 2016, under No-Action Letter (NAL) 16-76, the CFTC Division of Market Oversight (DMO) extended its time-limited no-action relief for certain swaps executed as part of package transactions from the requirement to trade on a swap execution facility (SEF) (the “trade execution requirement”).  DMO extended its relief to November 15, 2017.  A tabulated summary of affected package types is available here.  This marks the fifth time DMO has delayed compliance from the trade execution requirement for particular types of package trades, highlighting the practical difficulty of implementing the trade execution requirement for certain instruments. (CFTC Commissioner Giancarlo has previously criticized the process of issuing time-limited relief for packaged trades, available here.)  Prior no-action letters include NAL 15-55, NAL 14-137, NAL 14-62 and NAL 14-12. Readers interested in puzzles may find it an interesting exercise to read through these letters and parse out how the relief applied at each stage and to what instruments.