On 10 January, the SEC Division of Examinations (Division) published a Risk Alert presenting findings from its examinations of and outreach to security-based swap dealers (SBSDs). The SEC Risk Alert marks the first time the SEC has provided observations related to SBSD examinations, which began in 2022. These observations represent early findings; a reminder to SBSD registrants of their obligations and of the expectation that they consider improvements to their compliance programs as may be appropriate. The observations are similar to findings consistently presented by the National Futures Association (NFA) in its swap dealer (SD) examinations.

SBSD Rules

Section 15F of the Securities Exchange Act required the SEC to establish rules providing for the registration of SBSDs and major security-based swap participants (MSBSPs)[1] (together SBS Entities). Since October 2021, SBS Entities that exceed a de minimis threshold of security-based swap (SBS) trading activity are required to register with the SEC and maintain compliance with rules applicable to SBS Entities.[2]

The SEC Risk Alert focuses on SBSDs. Specifically, it focuses on compliance with:

• Regulation SBSR[3] – which requires the reporting and dissemination of SBS information by SBS Entities to a registered security-based swap data repository (SBSDR);
• Certain Business Conduct Standards requirements with a focus on requirements relating to supervision;
• Certain SBS trading relationship documentation and portfolio reconciliation provisions; and
• Certain recordkeeping requirements.

Division Observations

Regulation SBSR

Compliance issues related to the reporting and dissemination of SBS information by SBSDs to SBSDRs is a major focus of the SEC Risk Alert. The Division found that some SBSDs failed to report certain SBS trade data within the required timeframes, reported inaccurate primary trade information,[4] and reported inaccurate and incomplete secondary trade information.[5] The Division attributed these reporting failures to weak internal controls for ensuring information reported was accurate and a lack of procedures to identify and correct errors. These failures align with common compliance issues facing SD registrants under the CFTC’s SD regulatory regime, which sets forth analogous regulation requirements for SDs. Indeed, the SEC allows SBSDs to follow certain CFTC swap reporting and public dissemination protocols and apply them to SBS reporting.[6]

Complete and accurate swaps reporting has been a challenge for the industry over the last decade.  Many jurisdictions have diverging swap data reporting regimes despite efforts to harmonize trade data globally.  Furthermore, the existing trade reporting regulatory landscape continues to evolve considerably – both abroad[7] and in the US.[8]  The most recent CFTC trade reporting amendments – the CFTC re-write[9] of swap data recordkeeping and reporting requirements in December 2022, which includes the upcoming requirement for the reporting of the unique product identifier (UPI)[10]  beginning January 29, 2024 – will continue to add to the pressures on internal operations, compliance, and information technology teams to remain compliant with trade reporting regulations.

Business Conduct Requirements

The Division highlighted observations relating to business conduct standards requirements, including SBSD failures to identify all associated persons (APs), thereby failing to satisfy their obligations to supervise all APs as required under Securities Exchange Act rules. Further, the Division observed that certain entities failed to establish policies and procedures including those to:

• Prevent the supervisory system from being compromised due to conflicts of interest within reporting lines;
• Provide for reviews by supervisors of APs’ correspondence with SBS counterparties or potential SBS counterparties;
• Supervise AP trading activity at other financial institutions;
• Require an annual review of the SBS business ensuring it is reasonably designed to assist in detecting and preventing violations of applicable federal securities laws and regulations; and
• Ensure review by supervisors of certain SBS transactions.

SBSD rules relating to supervision[11] are more prescriptive than those under the CFTC SD regime in that they set out minimum requirements[12]  for a supervisory system. The enumerated observations in the SEC Risk Alert all relate specifically to minimum requirements outlined in the SEC rules. Although supervisory failures are common CFTC and NFA findings, they tend to be coupled with deficiencies in other rule areas.[13] SBSDs should review the minimum supervision requirements outlined in the SBSD rules to ensure their written policies and procedures specifically address each of the minimum requirements outlined in the rule.

SBS Trading Relationship Documentation and Portfolio Reconciliation

The Division found that certain SBSDs failed to complete the required periodic audit of SBS swap trading relationship documentation (STRD) policies and procedures and to record the required written approval by a senior officer of STRD policies and procedures, including amendments thereto. In addition, the Division highlighted failures by SBSDs to establish written agreements between the SBSDs and their counterparties on the terms of portfolio reconciliation, including terms relating to the method of reconciliation, such as negative consent. The CFTC has identical STRD and portfolio reconciliation agreement requirements.[14] For portfolio reconciliation, dual SD/SBSD registrants often leverage the same documentation to agree on the terms and method of reconciliation. SBSDs should ensure they established a framework for a periodic audit, and senior officer approval, of their STRD policies and procedures.  They should also review their process to establish their agreement with counterparties on the terms for portfolio reconciliation.[15]

Recordkeeping

The Division noted failures to consistently make and keep current complete and accurate records. Trade blotters, counterparty listings, and AP listings were provided as examples of recordkeeping failures. The records highlighted in the SEC Risk Alert must also be maintained under the CFTC SD regulatory regime.

Conclusion

The Division’s conclusion makes it clear that SBSDs should assess the observations in the alert, evaluate whether their policies and procedures meet the SEC’s expectations, and make improvements as required. It also calls for SBSDs to bolster their policies, procedures, and internal controls relating to Regulation SBSR compliance.

Put Patomak’s Expertise to Work

Patomak has deep experience in designing and assessing compliance programs at banks, swap dealers, broker-dealers, digital asset trading platforms, futures commission merchants, and other financial firms. If you’d like to learn more about how Patomak can partner with you, contact Jill Sommers (jsommers@patomak.com), Sudhir Jain (sjain@patomak.com), Anne Montminy (amontminy@patomak.com), or Tim Brown (tbrown@patomak.com).

Table 1

[1] Currently there are no registered MSBSPs.

[2] Provisions relating to the regulation and registration of SBSDs can be found here: 17 CFR Part 240 Subpart A – Registration and Regulation of Security-based Swap Dealers and Major Security-based Swap Participants.

[3] With respect to Regulation SBSR, the SEC has issued no-action relief providing generally that, if registered SDRs and their participants follow the CFTC’s swap reporting and public dissemination protocols and apply them to security-based swap reporting, there will be no basis for SEC enforcement with respect to certain provisions of Regulation SBSR that differ from the relevant CFTC rules (i.e., Parts 43 and 45). See, Exchange Act Release No. 87780 (Dec. 18, 2019), 85 FR 6270, 6346-49 (Feb. 4, 2020)

[4] The Division specifically references inaccurate notional amounts (including amounts that are not economically possible) and incorrect underlying asset information (e.g., International Securities Identification Number or ISIN).

[5] Such as reporting internal identifiers for counterparties when they were not appropriate (e.g., they did not involve privacy laws or natural persons), and incomplete buyer, seller, receiver, or payer fields.

[6] See footnote 3, above.

[7] For example, EU EMIR REFIT will come into force on 29 April 2024 and UK EMIR REFIT will come into force 5 months later, on 30 September 2024.

[8] The regulators are not showing any signs of relenting: The CFTC, on December 12, announced it is considering more amendments to Part 43 and 45 in a noticed of proposed rulemaking.  See Patomak Insights, CFTC Proposes Amendments to Reporting Requirements Including a 37% Increase in the Number of Reportable Fields.

[9] Final Rule, Swap Data Recordkeeping and Reporting Requirements, 85 Fed. Reg. 75503 (Nov. 25, 2020); Final Rule, Real-Time Public Reporting Requirements, 85 Fed. Reg. 75422 (Nov. 25, 2020); and Final Rule, Certain Swap Data Repository and Data Reporting Regulations, 85 Fed. Reg. 75601 (Nov. 25, 2020) (together the “Amendments” or “CFTC-re-write”).

[10] For all asset classes except for commodities. See, Order Designating the Unique Product Identifier and Product Classification System To Be Used in Recordkeeping and Swap Data Reporting.

[11]  17 CFR 240.15Fh-3(h).

[12] 240.15Fh-3(h)(2) sets out specific minimum requirements relating to i), the designation of a supervisor; ii) the qualifications of supervisors; and iii) the establishment and maintenance of written procedures that at a minimum that: a) include the review by a supervisor of transactions, b) include the review by a supervisor of incoming and outgoing written communications, c) include a periodic (at least annual) review of the SBS business that is designed to assist in detecting rule violations, d) include a good character, reputation and qualifications assessment of APs, e) include an assessment whether to allow APs to establish or maintain a securities/commodities account or trading relationship in the name of/FBO such AP at another financial institution, f) include a description of the supervisory system including titles, qualifications, locations and responsibilities of supervisory persons; g) include, in regard to APs who perform supervisory functions, a prohibition against them supervising their own activities or reporting to, or having their compensation or continued employment determined by, person(s) they are supervising, h) are reasonably designed to prevent the supervisory system from being compromised due to conflicts of interest that may be present including the revenue such person generates for the SBSD or compensation the supervising AP may derive from an AP, i) are reasonably designed, taking into consideration the nature of such SBSD’s business, to comply with the duties set forth in section 15F(j).

[13] The CFTC SD’s “diligent supervision” provision is CFTC Regulation 23.602.

[14] See, CFTC regulation 17 CFR 23.504(c) (STRD audit)  17 CFR 23.504(a)(2) (senior officer approval) and 17 CFR 23.502(b)(1) (agreement in writing on the terms of portfolio reconciliation).

[15] One way to agree on the method of reconciliation is by adherence to the ISDA March 2013 DF Protocol and the ISDA 2021 SBS Top-Up Protocol. Firms should ensure the questionnaires associated with these protocols, specifically those relating to portfolio reconciliation, are being populated adequately by their counterparties.