Firms Need to Weigh in on CFTC Notice of Proposed Rulemaking for Risk Management Requirements

, ,

On June 1, 2023, the Commodity Futures Trading Commission (CFTC) published the much-awaited advanced notice of proposed rulemaking (ANPRM) seeking public comment on potential amendments to the risk management program (RMP) requirements in CFTC regulations 23.600 and 1.11 applicable to swap dealers (SD) and futures commission merchants (FCM) respectively.

The ANPRM is segmented into four distinct topic areas:

  1. RMP Governance
  2. Enumerated Risks in the RMP Regulations
  3. Periodic Risk Exposure Reporting
  4. Other Areas of Risk.

RMP Governance

The first topic, RMP Governance, centers on 17 Code of Federal Regulations (“CFR”) 23.600(a), (b), and 17 CFR 1.11, which prescribes how an SD / FCM must structure and govern its RMP. In general terms, the regulation sets forth various definitions (i.e., business trading unit, governing body, senior management, etc.) and requires SDs / FCMs to memorialize its RMP through written policies and procedures.

The CFTC seeks comment on the RMP structure and related governance requirements. The CFTC asks seven targeted questions ranging from expanding or redefining definitions of key terms (e.g., governing body), specifically addressing/discussing reporting lines within the risk management unit (RMU), adoptions of qualifications for certain risk personnel, further clarifying RMU independence and conflicts of interest, and harmonization with other regulatory authorities.

Not surprising but one of the more interesting aspects of the questions includes the reference to other regulatory regimes and harmonizing CFTC rules with risk management practices prescribed by prudential regulators. Although an expansion or amendment of definitions and qualification requirements by itself may not be onerous to firms, expanding risk management requirements to be more like institutions regulated by the Office of the Comptroller of the Currency (OCC) / Federal Reserve Board (FRB) would likely impact SDs and FCMs in a substantial way, particularly those that are not banks or part of a banking family. The impact could mean an increase in 2nd and 3rd line resources and other changes that may require enhancements to a firm’s risk and control environment more reflective of traditional banks.

Enumerated Risks in the RMP

In the second topic on enumerated risks in the RMP regulations, the CFTC seeks comment on whether definitions should be added for the enumerated risks, and if there are risks that are not enumerated and should be. The CFTC asks seven targeted questions ranging from amending Futures Commission Merchant (FCM) regulations to explicitly require policies and procedures to address all enumerated risks (as opposed to only segregation, capital, and operational risks as is currently required), clarification related to model validation activities, expanding SD risk management expectations surrounding over-collateralization, applying consistency across 17 CFR 23 and 17 CFR 1.11, and consideration of other risks that may not be fully defined or identified such as operational risk and technological risk.

Although the proposed questions appear to be an attempt to improve consistency and clarification in the regulations, the addition and introduction of new specific risks (e.g., reputational risk, technology risk, collateral risk, and funding risks) could require firms to enhance various elements of their risk management framework. These new requirements could range from establishing new business functions, reporting requirements, or other elements that would likely impact each firm differently depending on the maturity and robustness of its risk management framework.

Periodic Risk Exposure Reporting

The third topic, periodic risk exposure reporting by SDs and FCMs, centers on quarterly risk reporting that SDs and FCMs are required to submit to the CFTC. The CFTC seeks comments on how the current risk exposure reports (RER) regime could be improved. The CFTC asks fourteen questions relevant to this concept.  The questions range from adjusting the format to align with National Futures Association risk data filings, prescribing a specific due date (e.g., a week, month, or other specific timeframes after quarter-end), and whether additional risk metrics or risk management issues should be added in the report.

The form and substance of RERs have been a subject of potential rule change for quite some time. Any change here would likely require substantial enhancements or adjustments to firm processes. For example, firms may produce internal reports for individual risk types but may not produce one single consolidated report addressing all risk stripes, particularly segregation or technology risks. For firms to create regulatory risk reports that diverge from internal risk reporting may be burdensome, which could lead to the regulatory reports lacking sufficient substance and detail.

Other Areas of Risk

The fourth and final topic, other areas of risk, centers on other RMP-related topics and specifically references the segregation of customer funds, safeguarding of collateral, and risks posed by affiliates, other lines of business, and other trading activity. The questions proposed are intended to assist the CFTC in its ongoing evaluation of whether and how RMP regulations adequately and comprehensively address risks arising from new or evolving market structures, products, and registrants.


Currently, existing SD and FCM regulations address the management of segregation risk and the safeguarding of collateral in different ways. As it relates to this sub-topic, the CFTC’s questions center on whether the existing regulations prescribe comprehensive requirements for managing risks and safeguarding counterparty collateral. The questions also reference the introduction of digital assets in the industry and ask respondents if the existing regulations address the unique risks associated with these assets or whether the CFTC should consider additional requirements.

Although existing requirements surrounding collateral are generally appropriate, these existing requirements tend to encompass collateral associated with regulatory margin requirements. As a result, other forms of collateral such as independent amount and /or non-regulatory margin are not subject to the same type of controls and standards. This provides firms with the ability to establish their own standards and controls, such as rehypothecation, acceptance of less liquid (or illiquid) assets, conservative or liberal haircuts, etc. Thus, changes to the framework around these practices and increased regulatory requirements could have varying degrees of impact on firms, such as requiring changes to relationships with counterparties through increased collateral requirements, haircuts applied, or even constraining the eligibility of certain assets.

Risks Posed by Affiliates, Lines of Business, and All Other Trading Activity

Currently, existing SD and FCM regulations require firms to consider risks posed by affiliates and related trading activity. However, considering the increase in market volatility and recent market disruptions, as well as the growth of digital asset markets, the CFTC is seeking comment generally on the risks posed by affiliates, lines of business, and other trading activity. The CFTC asks four questions on the types of risks posed by affiliates that may be unregulated or subject to alternative regulatory regimes where business activities or shared services could impact the SD / FCM financially or operationally, and more general questions surrounding whether existing regulations adequately and comprehensively address these risks.

Changes to the existing risk management requirements surrounding these activities would likely result in increased costs to firms. These costs could come in varying forms, such as through an increase in personnel and resources or requiring system infrastructure improvements.


The ANPRM provides firms with 60 days to provide comments. It is important for firms to provide feedback now as this will form the basis for potential future changes. Additionally, firms should understand that changes can potentially be substantial, depending on the unique characteristics of each individual firm. For example, if changes require increased reporting requirements over a shorter period, implementing a new process and establishing new risk metrics could be difficult and strain resources. Firms should keep abreast of developments to potential rule changes and use this time to proactively assess their risk management framework to identify any gaps or weaknesses.

Put Patomak’s Expertise to Work

Patomak has deep experience in designing and assessing risk management at banks, swap dealers, broker-dealers, digital asset trading platforms, and other financial firms. If you’d like to learn more about how Patomak can partner with you, contact Jill Sommers (, Mark Wetjen (, Sudhir Jain (, Joshua Kuntz (, or Timothy Brown (