CFTC Amends Recordkeeping Rules

and Posted on

 

On August 28, amendments recently adopted by the Commodity Futures Trading Commission (“CFTC”) to recordkeeping obligations under CFTC Rule 1.31 are scheduled to become effective.[1] The CFTC periodically updates this rule to take into account technological advances and modernize requirements for persons subject to recordkeeping obligations under the U.S. Commodity Exchange Act or the CFTC’s rules, known as “records entities.”[2] In proposing these amendments earlier this year, the CFTC acknowledged that recordkeeping has “evolved significantly” since its last overhaul of Rule 1.31 in 1999.[3]

The amended rule, which was published on May 30, does not impose any entirely new recordkeeping obligations on records entities or require that any new categories of records be created. However, it makes several important changes to the form, manner and retention period for relevant records, and otherwise streamlines the recordkeeping requirements. These changes include the following:

  • records will no longer be required to be (i) kept in their “native file format” (in other words, the format in which they were originally created) and (ii) stored in a non-rewritable / non-erasable format (commonly referred to as “WORM”, or “write once, read many”);[4]
  • external “technical consultants” will no longer be required to monitor recordkeeping obligations of persons who use only electronic media to store records and to file certain representations with the CFTC regarding access to electronic records;[5] and
  • certain record retention periods will be modified, including:
    • pre-trade swap and forward communications[6] will be required to be retained for five years from date of creation (instead of for the life of the trade plus five years); and
    • “electronic regulatory records” (discussed below) will need to be accessible to regulators (and the Department of Justice) for the entire five-year retention period, but paper records will continue to have to be readily accessible only for two years.Notably, the CFTC decided not to require records entities to establish, maintain and implement written policies and procedures reasonably designed to ensure compliance with Rule 1.31 obligations, which it had suggested in the Proposed Rule.[10] Overall, the changes in the Final Rule should allow records entities the flexibility to maintain records in more advanced and, possibly, less onerous and expensive ways.

The amended rule also makes other changes, such as replacing the anachronistic term “books and records” with “regulatory records” (of which there are two types, “paper” and “electronic”).[7] The term “electronic regulatory records” includes all regulatory records, other than those created and maintained solely on paper, as well as any data necessary to access search or display such records.[8] In addition, the amended rule imposes additional controls with respect to record retention, such as requiring that records entities establish systems and controls that ensure the authenticity and reliability of electronic regulatory records, including systems that ensure they are able to produce such records in the event of an emergency or disruption to their electronic record retention systems.[9]

Notably, the CFTC decided not to require records entities to establish, maintain and implement written policies and procedures reasonably designed to ensure compliance with Rule 1.31 obligations, which it had suggested in the Proposed Rule.[1] Overall, the changes in the Final Rule should allow records entities the flexibility to maintain records in more advanced and, possibly, less onerous and expensive ways.

[1] Final Rule, at 24481 (“The final rule, as adopted, sets forth the form and manner in which regulatory records must be kept, the retention period for various types of regulatory records, and the standards for production of regulatory records to the Commission. Given these clearly defined obligations, the Commission agrees with commenters that the requirement for written policies and procedures is unnecessary”).

[1] Recordkeeping, 82 Fed. Reg. 24479 (May 30, 2017) (the “Final Rule”). The CFTC initially proposed the recent changes to Rule 1.31 in January 2017. See Recordkeeping, 82 Fed. Reg. 6356 (Jan. 19, 2017) (the “Proposed Rule”).

[2] In light of its broad definition, the term “records entity” implicitly includes swap dealers, commodity pool operators, commodity trading advisors, derivatives clearing organizations, swap execution facilities and others (including, but not limited to, swap counterparties that are not registered swap dealers). The CFTC most recently amended Rule 1.31 in 2012 to apply the recordkeeping obligations to “swaps” in connection with the Dodd-Frank legislation. See Adaptation of Regulations to Incorporate Swaps, 77 Fed. Reg. 66288 (Nov. 2, 2012). It also amended the rule substantially in 1999, primarily to address the storage of electronic records. See Recordkeeping, 64 Fed. Reg. 28735 (May 27, 1999).

[3] Specifically, the CFTC noted the following:

[T]he Commission recognizes that recordkeeping has evolved significantly in the time since the last major revision to § 1.31 in 1999 from a paper-based system to electronically stored information systems that leverage computers, databases, and even cloud computing. Back then, most records were created and maintained on paper, but recordkeepers began to explore better ways to store information electronically. Now the paradigm has shifted, and most information is produced and stored electronically on complex systems tailored to the needs of a given recordkeeper. These advances in information technology may have rendered certain technical elements of § 1.31 obsolete or outdated.

Proposed Rule, at 6358.

[4] In proposing the elimination of these requirements, the CFTC highlighted petitioners’ assertions that they were based on programs that are no longer supported by information technology manufacturers or are outdated and obsolete. Id.

[5] As petitioners noted, the requirement to retain external technical consultants to provide electronically stored information to regulators is no longer necessary given the adequate technical in-house expertise throughout the industry, and also presents cybersecurity risks by “providing additional third parties with access to sensitive, confidential, and proprietary information.” Id.

[6] See CFTC Rules 23.202(a)(1) and (b)(1)-(3).

[7] As the CFTC noted in the Proposed Rule, “the term ‘books and records’ in the traditional sense may no longer adequately convey that [CFTC Rule] 1.31 recordkeeping obligations extend to all associated electronic data.” Proposed Rule, at 6359.

[8] See Amended CFTC Rule 1.31(a).

[9] See Amended CFTC Rule 1.31(c)(2).

[10] Final Rule, at 24481 (“The final rule, as adopted, sets forth the form and manner in which regulatory records must be kept, the retention period for various types of regulatory records, and the standards for production of regulatory records to the Commission. Given these clearly defined obligations, the [CFTC] agrees with commenters that the requirement for written policies and procedures is unnecessary.”)