URGENT: CFTC Warns Registrants of Cyber Threats and Requests Information by January 10 and/or January 20
On January 3, 2020, the Division of Swap Dealer and Intermediary Oversight (DSIO) of the U.S. Commodity Futures Trading Commission (CFTC) issued two cyber threat alerts regarding the hacking of approximately one dozen cloud service providers, as described in a Wall Street Journal article published December 30, 2019, entitled “Ghosts in the Clouds: Inside China’s Major Corporate Hack.”
One DSIO cyber threat alert was directed to swap dealers (SDs) and futures commission merchants (FCMs). Another was directed to commodity pool operators (CPOs), commodity trading advisors (CTAs), introducing brokers (IBs) and retail foreign exchange dealers (RFEDs). The National Futures Association (NFA) then sent a blast email to all NFA members in these registration categories (on behalf of the CFTC), with the DSIO alerts attached, further emphasizing to NFA members the information requested by DSIO and the deadlines for providing such information.
CFTC Approves Amendments to Recordkeeping Rules
On May 23, 2017, the Commodity Futures Trading Commission (CFTC) unanimously approved proposed amendments to the recordkeeping obligations set forth in CFTC Regulation 1.31 (Recordkeeping Rule) which is applicable to all CFTC registered entities and other persons required to maintain records under the Commodity Exchange Act (CEA). The final amendments are intended to modernize the Recordkeeping Rule by making the form and manner in which regulatory records must be kept technology-neutral. The amendments provide recordkeepers with greater flexibility regarding the retention and production of CFTC regulatory records. The CFTC indicated that it does not believe the amendments impose any new recordkeeping requirements on any recordkeeper, and existing recordkeeping methods remain valid for compliance with the amended Recordkeeping Rule should a recordkeeper choose not to take advantage of the less-prescriptive, principles based approach of the amended Recordkeeping Rule. The final amendments also reorganized the Recordkeeping Rule for ease of understanding, including by adopting new definitions. The amendments represent a long-awaited and generally positive modernization of important CFTC rules that have often frustrated market participants. The effective date for the amended Recordkeeping Rule is August 28, 2017. (more…)
CFTC Issues Final Cybersecurity Rules on System Safeguards Testing Requirements
On September 8th, the Commodity Futures Trading Commission (“CFTC”) approved amendments (“Final Rules”) to its ”system safeguards rules.” The system safeguards rules obligate designated contract markets, swap execution facilities, and swap data repositories (for convenience, collectively referred to as “Exchanges”) as well as derivatives clearing organizations (“Clearinghouses”) to have in place cybersecurity programs of risk analysis and oversight. As part of such a program, Exchanges and Clearinghouses (collectively, “Covered Entities”) must conduct testing and review sufficient to ensure their automated systems are reasonably reliable and secure, and have adequate scalable capacity.
CFTC Asserts Jurisdiction Over Bitcoin Derivatives
This Article originally appeared in the Thomson Reuters FinTech Law Report, Volume 18, Issue 6 (2016).
On September 17, 2015, the Commodity Futures Trading Commission (“CFTC”) issued an order (“Coinflip Order”) settling charges brought against Coinflip, Inc., the operator of an online trading platform that facilitated the trading of derivatives on Bitcoin and other digital currencies, also referred to by the CFTC and other regulators as “virtual currencies” (“Bitcoin Derivatives”), including U.S. dollar cash-settled options. The CFTC found that Coinflip, Inc. had violated the Commodity Exchange Act (“CEA”) and CFTC rules by failing to register as a swap execution facility (“SEF”) or designated contract market (“DCM”). The direct impact of the Coinflip Order is minimal, as the platform itself had already shut down due to lack of volume. However, the Coinflip Order represents a watershed in the development of virtual currencies, as it is the first time that the CFTC has affirmatively asserted that Bitcoin and other virtual currencies are “properly defined as commodities” and that the CFTC has jurisdiction over Bitcoin Derivatives.