The CBOT just fined a firm $350K and imposed a $9,715 disgorgement - that is right they made $9,715 on the trade and got fined $350K. The fine was the old familiar "failure to supervise" because it " failed to diligently supervise its traders in the conduct of their business relating to the Exchange by failing to give sufficient guidance and adequately train its employees on how to comply with its riskless principal mandate without pre-hedging block trades."

The facts are that the firm was invited multiple times to participate in a block trade with a customer. The company had a "riskless mandate in effect." The concept of a riskless principal on a block trade - i.e., consummating a block trade with the customer while having a market transaction that offsets the customer trade - is that banks even include in their block trading and best execution policy manuals (see the Credit Suisse Client Order Execution policy here also can be searched for online). The requirement however is that the hedge trade cannot be consummated before the client block trade is.

And that was the problem here. Traders at an affiliate of the broker consummated the offsetting trade before the customer trade - in essence, front running the customer block order. The CBOE found this happened multiple times.

You can do a block and you can do the offset - you just can't front run a customer block order. And that is how use of material non-public information can get a large fine from the CME.

​The full order is here

The CME also issued a similar disciplinary notice for an individual trader today. This does not appear to be the trader related to the order for a firm above as the dates for activity cited do not coincide and the firm violations was on CBOT and this violation was on NYMEX. This interesting point is that the stated violations are the same for roughly equivalent periods of time but the trader fine was $19K and a five day suspension of trading privileges.  The full order is here

This is in line with DCM advice to clients that the "failure to supervise" fines frequently are more severe than the fine to the individual trader. This should always be a point of focus for any firm's compliance program.

One of the more interesting problems to show up on the radar in the last six months has been an increasing number of inbound questions regarding Dodd Frank compliance questions. Quite bluntly, this had become the Sargasso Sea of consulting expertise - a lot of old flotsam and jetsam (I just love old maritime law terms) waiting for someone to come by and claim it. And it appears that day has come.
The interest seems to be arising from two areas - first, the renewable power space is moving away from bank inter mediated trades  to direct developer to consumer (especially large corporate) trades. These trades are increasingly not Power Purchase Agreements ("PPAs") which are considered physical and non-reportable under Dodd Frank towards Virtual Power Purchase Agreements ("VPPAs") which are reportable. That brings a whole new range of participants into the reporting world. I see a number of firms recommending hiring a third party reporting entity - DCM's advice is that this may be overkill and and unnecessary expense.
The second area is non-US entities becoming more involved in the US swap market. The reduction in liquidity for OTC swaps has created a business opportunity for firms that feel they have the capital and knowledge to capture customer business that may require reportable components to the transaction. In many cases, they come from jurisdictions where the equivalent of the swap dealer de minimis calculation have significantly different inclusion of financial products. The greatest challenge appears to be translating what is required and how industry standard practices apply to these companies in the US environment. Some companies have found they can adopt existing non-US compliance processes with a reduction in process complexity rather than building new processes from scratch.
So, from the ashes of the USA compliance consulting environment, Dodd Frank may arise anew for the commodity market. We are not sure this is necessarily the ascent of a great new world but it does mean there may be changes in the offing for financial products the US commodity markets.

I have been asked by multiple clients and industry contacts to define "conduct compliance" and why they should care. Much of my response comes from my history of working on a trading desk and as a risk consultant - the vast majority of my work has been what I call trading compliance. I see that as working to prevent the few bad apples at the bottom of the barrel for spoiling the bunch. You all know the stereotype - the compliance officer having to dig through numbers to figure out how the devious trader is getting around the rules.

But conduct compliance is different - to the trading compliance consultant it feels "squishy", less analytical. But it is a real thing. The best I can describe my concept of conduct compliance is that it is the system to assure that the other 95+ percent of the employees - the earnest, want to do right employees - don't do bad things because they believe the organization wants them - or their manger instructs them - to do bad things. Think of most of the major "conduct" fines we have seen in the last years - Enron, Wells Fargo and the LIBOR cases come to mind. In all of them, the organization at some level embraced and encouraged and compensated the staff for heading into what were, at best, very murky waters. At worst, they encouraged and drove blatantly criminal activity activity.

In a number of these cases, the employees indicated their direct, one level above manager, or even the person the were replacing led them to believe their performance and possibly job retention would be premised on doing questionable things or it was "just the way we do things". The employees likely would not have done these things on their own - they felt it was part of their job description. And that is where conduct compliance comes to play - it is trying to ascertain whether the organization, at some level, is driving the improper behavior either explicitly or, more difficult to determine, by inference.

And that is why conduct compliance gets "squishier". How do you measure the inferred pressure on the employees by their manager? If questioned, will the manager say "of course I said no such things. Who is saying that about me?" And we all know what happens to the poor employee that reported that the boss was pushing them to open fake accounts.

And that is the problem with conduct compliance - how do you find the root cause of a problem caused by interpersonal communication rather than market conduct you can observe from an analytical model? 

And the new Dept of Justice compliance program guidelines - blogged by DCM and available lower on this page - speaks to this "culture of compliance" and even asks whether employee sentiment on the commitment to compliance has been surveyed as an indicator of an effective compliance program. This is a foundation of conduct compliance - does the employee feel safe to question perceived pressure to behave unethically or improperly and will the organization protect the employee from the potential blow back from their supervisor when questions arise?

Let's be honest - any low level employee in a secure job is going to be very reluctant to rock the boat when the first indication start - it is too easy to say "my boss didn't mean that" or "I can just ignore that". That works until it doesn't.  How does senior management really know that employees feel safe from repercussions of challenging these pressures?

Here is a simple structure to start from - operational management cares about how much money was made; risk management cares about how much money was at risk to make the money and was the potential downside managed; and compliance management is about understanding the manner in which the money was made and whether the "why money was made" fits with the corporate culture. Do the lower level employees really feel senior management cares about whether the P&L was brought about by unethical behavior and would protect someone from pointing out where someone is cutting corners? If senior management assumes everyone feels safe, then they don't really have a handle on conduct compliance for their firm.

Conduct compliance is about knowing that the how money was made fits with the corporate rules of what is an acceptable way to make money. If a firm says ok to money made in a manner that would cause a problem when repeated on a TV interview, you have a conduct compliance issue.

I hope that helps differentiate between conduct and trading compliance. The conduct compliance issue tends to expand with the scale of the company - the more layers, the more possibilities for the message to get garbled before it gets to the boots on the ground, so to speak

.
Today The ICE issued a disciplinary notice to Macquarie Energy LLC regarding orders entered in the ERCOT North 345 KV Real Time Off Peak contract that "made it seem to other market participants that an advantageous buying opportunity was available in the Peak Future". The interesting point is that the individual - referred to as "former employee" - " initiated this conduct after he unknowingly fell victim to the same circumstances he then caused to occur. The problem was that there was a chance to misunderstand high off peak offers  as attractive on peak offers. It would infer that the trader had bought off peak at a high price by misreading the offer. The former employee intended to prove the point that he was dissatisfied with the price adjustment provided by ICE Operations in accordance with the Exchange’s Error Policy after executing a series of trades in a wrong market." This means that the trader felt there was a structure that would cause market participants to misunderstand their risk 
Macquarie was also hit for failure to supervise as, while they had compliance and surveillance in place that oversaw this individual , they may not have had oversight adequate to assure the individual was acting in accordance with exchange rules. The total fine was $250,000. The total notice is here 
This is an interesting case because the notice reads that the employee entered the orders in knowingly and with the intent that other traders would make the same mistake he made. It also reads that the trader was trying to make a point that directly to The ICE by way of other traders - and potentially to make other traders also angry at The ICE> If nothing else, if the trader felt he suffered harm from The ICE's error policy, then he was acting to have other participants also incur that harm.
This points out three things:

• first, willful activity by a trader that negatively impacts other market participants is something a company has an obligation to discover; and
• second, traders should be trained to escalate issues with exchange operations to management and compliance for resolution - if you have a beef with the exchange, get management involved - personal vendettas against the exchange are career limiting moves; and
• third, compliance has to realize that trade operational errors should be noted to the compliance team because the impact of an operational error - with an exchange or a third party - can cause a trader reaction in response that has serious negative impacts on the company.

​The corresponding trader disciplinary notice is here. The description is mostly the same but does indicate "As a result, in some instances, Alexander caused participants to believe they were transacting in the Peak Future, when in reality, they transacted in the Off-Peak Future, and subsequently to report the trades as an error, which resulted in significant price adjustments from the price at which they originally traded." This specifically points out the disruptive nature of the activiities.
The trader was fined $85K and suspended from the exchange for 9 months.

The CME issued a summary action against an individual today for "reckless disregard for the adverse impact on the orderly conduct of trading." In this instance, the individual had "large positions" in Live Cattle and Feeder Cattle futures. He entered orders during the post settlement period that "exceeded all the quantity in five visible levels of the order book in relatively short periods of time and resulted in significant and disruptive price movements." The exchange noted that the individual should have known the orders were visible to the market and would cause the price movements observed after the orders were placed. The fine was $20 and a suspension from market access for 20 days. The order is here - https://www.cmegroup.com/notices/disciplinary/2019/05/CME-17-0755-BC-CODY-EASTERDAY.html#pageNumber=1
Please note there are a couple different things to unpack here:
first, the order indicates the trader should have known the relative size of the order versus the existing visible screen liquidity. This should mean to any trader that the exchange expects you to take into account market liquidity when determining the appropriate size of visible orders; and 'second, the issue was using a visible order book. The exchange allows block trades for a reason. A primary reason is to allow an escape valve for exactly this situation - the need, or desire, to execute a very large trade in a less liquid market. Use of a block trade allows the order to get executed in a manner that reflect but does not disrupt the market. Firms or traders that can anticipate the need to execute large orders should understand the availability of brokered or direct block trades, the reporting requirements for the different types (including method of reporting and reporting time windows), and the authorities required so as to have a pre-approved method for avoiding this situation, and
finally, firms and individuals should have a firm handle on their open positions and time period for closing these transactions and plan for closing positions in a manner that conforms to exchange rules.

DCM LLC provides a full line of consulting services for participants in commodity markets with special expertise in risk, compliance and trade surveillance.

Friday, the CBOT issued a rule, effective June 2 for June 3, 2019 trades, changing the rules on delivery for corn, soybeans and wheat. The Army Corps has announced maintenance work in 2020 on the Illinois River that will heavily impact barge traffic in the Mid-Continent. That caused the CBOT to review its rules on barge load out procedures - specifically 
            "Due to the anticipated closure, the Exchange reviewed the language in Rule 703.C.G.(9) and found it to be outdated. Rule                    703.C.G.(9) stipulates specific barge freight to be paid by the taker to the maker of delivery under this rule. However, since                barge freight has become significantly more expensive in the last two decades, the amount specified in Rule 703.C.G.(9) is                  no longer relevant. "
In response, the CBOT changed Rule C.G.(9) to remove all fixed barge load out fees  and substituted "current barge freight rates as the applicable fee. This is likely to insert a degree of price volatility in certain situations that many firms currently do not consider as a risk. 
​Another small example of how market regulation notices can have a spill over effect into risk management concerns.

While the CFTC recently published guidance on how an investigation is managed, DCM believes the Department of Justice updated its guidelines to prosecutors on evaluating a corporate compliance program published two weeks ago is more critical to compliance operations.  The DOJ guidance talks to what DOJ expects a firm to be doing when they consider acting against that firm.What does that mean?

This is the document that is supposed to inform a prosecutor in a criminal case as to how the review a company's compliance program should impact the "charging decision or resolution" as to whether the company is to be charged with a crime, a plea deal is to be agreed to or sentencing for a crime. Let's unpack this - as a consultant, I note that this could mean the level of a compliance program could impact whether a company is even charged for a crime. So, a compliance program that meets the guidance could not just reduce my sentence but has at least the potential to keep me out of court. That sounds like a reputational risk win right there.
​
This guidance is a significant expansion of the prior guidance – from 9 to 19 pages. It does follow basically the same structure as prior guidance but with a lot of new pieces. It also shifts away from a foundation of what did the company do to find underlying misconduct in a specific instance to whether the compliance program as a whole is well founded.

The new guidance has fundamentally altered the structure of the guidance from the original edition. The prior guidance has a single introduction and then listed eleven topics. The new guidance asks three basic questions:

1. “Is the corporation’s compliance program well designed?”; and
2.  “Is the program being applied earnestly and in good faith?” In other words, is the program being implemented effectively; and
3.  “Does the corporation’s compliance program work” in practice? 

The guidance then groups the original eleven sections under these three questions – shifting the impact from illustrating specific topics to consider towards integrating these topics into an illustration of how each topic reflects upon one of these questions. For example, the topic “Senior and Middle Management” is now “Commitment by Senior and Middle Management” under “Is the program being applied earnestly and in good faith?”. This lends new focus onto how the DOJ would consider failures in this area reflect on its review of the program.

In general, the guidance now stresses that "policies and procedures – from appropriate assignments of responsibility, to training programs, to systems of incentives and discipline – that ensure the compliance program is (sic) well-integrated into the company’s operations and workforce."  The prior guidance spoke to whether there were “applicable procedures to prohibit the misconduct” – this was focused on whether there was a procedure to prohibit the misconduct being looked at, not a systemic view of the program. This really means that:

• Would the policies and procedures cover the risks the company perceives, not just the activity in question:
  • A key point that comes out is that a compliance program that targets high risk areas while being less comprehensive on low risk areas can still be used to a company's credit. Another point is that the guidance also makes an interesting distinction between high risk, large items - " (for instance, a large-dollar contract with a government agency in a high-risk country" - and lower risk items - "more modest and routine hospitality and entertainment". This later point could shift some effort away from areas that many firms spend significant resources managing.
• The policies and procedures you have need to be the ones that people in your company are actually doing.
  • DCM has observed that often the written documents are too multitudinous and cumbersome to keep current. This could be a become a major gap – it is better to keep processes clear and concise and, if necessary, refer to desk manuals as the proper procedure documentation. It is common that desk manuals are maintained more effectively than centrally maintained procedure manuals or written supervisory procedures.
    
    

“Is the corporation’s compliance program well designed?”
 
The DOJ has grouped six sections from the prior guidance under this specific area and now done a fairly deep dive into how effective and current the company assessment of compliance risk is. It has retained six specific areas of focus on program design but has shifted some of the operational impacts: ​

• Risk Assessment
• Policies and Procedures
• Training and Communications
• Confidential Reporting Structure and Investigation Process (Internal whistle blowing process)
• Third Party Management (FCPA and ABL covered here)
• Mergers and Acquisitions (pre-analysis of any compliance issues in target company)

Risk Assessment
The guidance is looking for regular updates of the risk assessment and then the ability to track changes in the risk assessment to changes in policies and procedures - many companies have very tenuous documentation of the connection between updated compliance risk assessments and the policies and procedures that are adjusted due to that assessment and why. The guidance also points to metrics – both in tracking misconduct and how it loops back to inform the compliance program.

• From DCM’s point of view, this indicates the DOJ is focusing on how the risk assessment is used to develop key compliance metrics to track operations and inform management as to potential issues. One observed example at clients is significant reductions in customer complaints – does the metric indicate whether the issue is a reduction in incoming complaints or an indication of increasing failure to record complaints. This has been seen in instances – and the regulators frown on systems that don’t inform management of these types of occurrences.

 
Policies and Procedures
The guidance conforms to fairly standard industry practices for code of conduct, tone from the top, and comprehensiveness. A couple points are worth noting:

• The guidance does ask about the companies process for policy and procedures design and it now asks whether the process has changed over time - that later point is not always one companies look at. No changes may mean that the review is just “going through the motions” and not actually focusing on whether the existing design process works;
• The guidance has added a section about whether there is process for monitoring the legal and regulatory landscape underpinning the policies and procedures - this is something being developed in global banks but that isn't always documented well for roles and responsibilities in non-bank environments.
  • DCM has noted the roles and responsibilities for this requirement is not always documented in the processes and procedures.
• The guidance has included a reference to linguistic “or other barriers” to foreign employees as whether the policies and procedures are communicated to "relevant employees and third parties". This is something that has not been observed as a specific point of concern in the past.

Training and Communications
Every company has some training program. However, ​ the guidance raises new points that are not always included in a company's program. These include:

• The idea that a company should consider supplemental or different training for supervisory staff
  • Most programs DCM observes have no supplement for senior staff
• The guidance now has references to looking at what is the form and format of training - what is in-person and what is online and the rationale for choosing a specific format.
• Is there testing for comprehension and what action is there is an employee fails (my experience is most on line training allows you to keep retaking until you pass - will that really meet this standard?)

Confidential Reporting Structure and Investigation Process (Internal whistle blowing process)
The guidance addresses internal communication of compliance issues by employees. This section actually speaks to the issues most commonly being addressed by larger firms. Specific new points are:

• How is the process publicized to staff and has it been used – this would indicate the DOJ would be curious if there have never been any referrals under the reporting system and whether that is an indication staff are subtly discouraged from using the system
• The guidance now asks about the process of determining who will conduct an investigation and make the determinations for the investigation
• The guidance changes the question of response in this area from one looking at root cause analysis to looking at metrics of timing of the investigation and accountability for actions based on the results – previous guidance talked to how the investigation response process had worked and reporting up chain.
• The guidance adds an entirely new section on resourcing the reporting and investigation process – is it adequately funded and resourced? Is there a system for using reporting and investigation systems for analysis and reporting metrics? How does this system feed back to the entire compliance program to inform regarding compliance weaknesses?

Third Party Management (FCPA and ABL covered here)
The guidance has already brought bribery and corruption issues into compliance programs here. Much of the content is similar. The new guidance does amplify a couple topics:

• Rather than just looking at the instances of specific misconduct, does the company track red flags from due diligence and does the company have audit rights to examine the books of third parties it retains (and has it actually performed audits)?
• Does the company track third parties that have been red flagged and terminated in due diligence and how does the company assure they are not rehired?
  • Again, the guidance moves from a how do you find misconduct to how do you track it and make sure it doesn’t circle back and happen again?

Mergers and Acquisitions:
The specific points addressed in the guidance did not change from the prior guidance. There is an introductory statement that does include the caution that
“Flawed or incomplete due diligence can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.  
The extent to which a company subjects its acquisition targets to appropriate scrutiny is indicative of whether its compliance program is, as implemented, able to effectively enforce its internal controls and remediate misconduct at all levels of the organization.”

• DCM has noted that pre-merger compliance reviews are rarely performed. This has been a point the DCM principals have raised in multiple client contacts – we recognize that this is an impediment to a swift close, which the parties and their advisors are focused on. The DOJ is noting this is an issue that should be addressed early or it may be considered a signal that compliance is not really a central focus of company management.

 “Is the program being applied earnestly and in good faith?”
The guidance has grouped three areas in the section regarding earnest and good faith implementation:

• Commitment of Senior and Middle Management
• Autonomy and Resources
• Incentives and Disciplinary Measures

The point of the guidance addresses here is very clear as it states:
“Even a well-designed compliance program may be unsuccessful in practice if implementation is lax or ineffective.  Prosecutors are instructed to probe specifically whether a compliance program is a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner".

• The point about the paper program is very well taken. DCM staff have observed programs where there are libraries of controls with matrices of coverage – only to discover during testing that a large proportion of the controls have been modified, eliminated, or merged. The point of this emphasis is that the actuality and documentation of what a compliance program covers needs to match what senior management are being told it covers.

Commitment of Senior and Middle Management:
There is a new discussion to head this section – all addressing the need for tone from the top and leadership for compliance to be effective.

• One point to note is the inclusion of whether senior management has set a tone for compliance actions in regards to whether they “demonstrated rigorous adherence by example”
  • DCM recognizes that this is a difficult topic for many companies but it should be noted that it was specifically referred to in the guidance.
• The guidance also now addresses management pressures due to financial objectives: “Have managers tolerated greater compliance risks in pursuit of new business or greater revenues?  Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?” The guidance follows up with the question “Have they persisted in that commitment in the face of competing interests or business objectives?”
  • In light of recent penalties in the banking industry, DCM would recommend that companies consider compliance risk assessments for all new business as well as heightened compliance oversight in areas of underperforming operations. It may even be appropriate to perform a compliance audit in areas where an underperforming operation has experienced a rapid turnaround – even if the underlying justification for the turnaround is cost cutting. Cost cutting and performance pressures on remaining staff can caused unintended misconduct.

Autonomy and Resources
This is an area where the focus of the guidance shifted significantly between the original guidance and the new guidance. The original guidance spoke the compliance role in terms of operational activities, their stature (titles, compensation, reporting lines), and funding and resources. Those topics still appear but a new focus on the role of compliance at the management level – engagement of compliance at a strategic level. Questions concerning compliance's input on transactions or deals and whether it has been responded to, up to and including having transactions or deals stopped by compliance.

• Another area that the guidance raises is the commitment of compliance management and staff to their compliance roles – do they have other non-compliance roles and responsibilities? Are they either distracted or overloaded and not performing the compliance function appropriately?
  • DCM understands that smaller firms have a logical rationale for embedding or at least significantly aligning the compliance function with the risk oversight function. The guidance does not appear to eliminate that possibility but it would indicate that the roles and responsibilities should be allocated in light of compliance department needs to assure appropriate resourcing.
• The guidance for the first time inquires as to the reviews of the performance of the compliance function and who performs the reviews? The discussion specifically references internal audit – “Prosecutors should evaluate whether “internal audit functions [are] conducted at a level sufficient to ensure their independence and accuracy,” as an indicator of whether compliance personnel are in fact empowered and positioned to “effectively detect and prevent misconduct.””
  • DCM staff have participated in a number of reviews of compliance controls being performed for prudential regulators. The range of skills – especially concerning data quality and data analysis – may not be available within the firm’s internal audit function.

Incentives and Disciplinary Measures
The prior guidance focused primarily on whether the incentives and compensation incentivized bad behavior – the new guidance expands that focus to include looking at whether incentive structure incentivizes ethical behavior (not always easy to effectuate).
The prior guidance also focused on the specific misconduct being examined and the follow through for that instance. The new guidance focuses more on the process itself – is it consistent, has the company looked to identify instances where the process is applied inconsistently.

The new guidance calls this area “a hallmark of an effective implementation”. It even notes “Some companies have even made compliance a significant metric for management bonuses and/or have made working on compliance a means of career advancement.”

• While the topic areas are the same, the discussion is greatly expanded. One key question that occurs multiple times in this section is are process, decisions, and disciplinary actions applied consistently in each instance and across the organization?
  • DCM has observed some organizations with a specific set of metrics for escalation and response to compliance violations. However, the systems rarely track the decisions not to escalate and have metrics for how those decisions were made. This is a very difficult area because the decision not to escalate is frequently made at the desk level – consistency is going to be difficult to monitor in very large organizations. But this appears to be a point of significant interest to the DOJ.
• The new guidance asks whether there are “pre-textual reasons ... provided to protect the company from whistleblowing or outside scrutiny” – this is specific point would indicate that the DOJ will look to see if the process is run in a way to bury issues rather than uncover them.
  • DCM recognizes this is a difficult topic for any company. This falls under the common rubric of “conduct risk” - the potential that informal practices will motivate good people to do improper things because they believe that is important to retaining their job or pleasing management.
• The new guidance has shifted the “Accountability” section from the Incentives section – within the “Is the program being applied earnestly and in good faith?” section to the Analysis and Remediation of Any Underlying Misconduct section within the next “Does the Corporation’s Compliance Program Work in Practice?” section.

 
“Does the Corporation’s Compliance Program Work in Practice?”
The discussion in the guidance here is very interesting as it incorporates two very different concepts. First, was the program working effectively at the time misconduct occurred? Second, is the program now working effectively at the time the prosecutor is considering bringing charges or proffering a sentencing recommendation? This indicates that a company’s response between the time an investigation opens and charges or a sentence are considered can have a major impact. That was not discussed in the prior guidance.

• DCM has observed differing firms that respond negatively or positively to a regulatory or legal inquiry. This guidance extends past cooperation to positive response. This has been observed in some but not all instances.

Continuous Improvement, Periodic Testing and Review
The focus is in the first line of the discussion here – “One hallmark of an effective compliance program is its capacity to improve and evolve.” This is not always the case and can be a significant burden to smaller organizations. If a small firm has a one or two-person compliance function, how does this process get managed and effectuated?

• Internal Audit – the prior guidance spoke to how audits would help uncover misconduct and what findings and communication got to the board. The new guidance talks, again, to the audit process – how are audit areas determined, how are audits conducted. This speaks to a focus less on whether a company’s internal audit function conducted reviews and more as to how do you determine whether the internal audit function was performing appropriate and effective reviews.
  • It was noted above in the Autonomy section that Internal Audit may not have the resources to conduct appropriate reviews of compliance controls. Many of these controls are very task and market specific. A company should consider whether its internal audit can appropriately review the effectiveness as well as the operation of a control.
• Evolving Updates – the new guidance adds a question to this section regarding whether the company has performed gap analysis to determine risks that are not being appropriately addressed.
  • This can just be good practice to perform periodic gap analysis to determine if the scope or composition of business activities have created gaps in compliance landscape.
• Culture of Compliance – this is an entirely new section that was absent from the prior guidance. The guidance asks whether the company actually reviews the status of its culture of compliance – does it query all levels of employees regarding their perception senior and middle management’s commitment to the culture and what have the done in response?
  • DCM has not observed this outside of very large, top tier companies. It might be something for companies to consider how they would do this and whether it would be effective

. Investigation of Misconduct
This is a completely new section in this guidance. It does capture a portion of a section called “Analysis and Remediation of Underlying Misconduct” from the prior guidance – that section has been retained in the guidance - but it has a broader coverage and focus. The prior section focused on whether root and systemic causes of the misconduct were examined, whether there were prior indications of issues, and what remediation occurred – all actions focused on the specific event.

The new guidance focuses on the investigations process – is there a “well-functioning and appropriately funded mechanism”? This speaks to an ongoing process with dedicated resources. This is not likely to occur in many smaller entities. Therefore, the real question is what would evidence an appropriate mechanism for investigations? The guidance may offer more options here:

• Properly Scoped Investigation by Qualified Personnel – the guidance calls for investigations that are “properly scoped, and were independent, objective, appropriately conducted, and properly documented”. This can be done on an ad hoc basis but a company should clearly consider these factors when confronted with an issue.
  • DCM staff have observed that all too often the investigation is directed to be quick, unobtrusive, and light on documentation. The guidance would indicate this would fail multiple sections of this guidance if prosecutors were to feel that is the case.

Analysis and Remediation of Any Underlying Misconduct
This section has been retained from the prior guidance though, as noted above, a section was moved to Investigations. It has also incorporated the “Operational Integration” section from the prior guidance. The discussion for this section focuses on whether there is a pattern of misconduct within the organization that would indicate the company has not worked to eliminate underlying causes or compliance system weaknesses that encourage misconduct. Much of the content is directly from the prior guidance.

• One indicator in the shift from event to process analysis is of an entirely new section “Prior Weaknesses” in the new guidance. The old guidance (which section is still in this guidance) asked whether there were opportunities to detect misconduct that were missed; the new guidance asks what controls failed and how they failed to detect the misconduct and whether the functions responsible for those controls have been held accountable.
  • DCM sees this as a significant shift – it presumes you would have controls in place to detect misconduct and there is a punishable failure, as opposed to a missed opportunity, and the guidance asks whether there has been accountability assessed. This could be interpreted to mean the guidance asks who has been punished for the failure and how as part of the charging and sentencing guidance.
• As noted above, the Accountability section was incorporated in this portion of the guidance as opposed to being under Incentives.

In general, DCM believes the guidance makes five major points:

1. Tone from the top includes the example set by senior and middle management – not just what the emails say.
2. Compliance needs to be uniformly applied – special circumstance exceptions will be an indicator of an inadequate compliance function, not business norms;
3. Compliance needs to be an integrated process, not a set of one-off actions in response to crises;
4. Compliance function staffing and resources should be justifiable at the level they are set;
5. Effective review and improvement of the compliance function is an important factor under the guidance.

 
DCM LLC provides ongoing blog posts on regulatory and compliance issues and can provide a full suite of trade surveillance and compliance services -as well as strategic and commercial services to the commodity trading marketplace. Please see us at www.sourcingcommodity.com

Today, the CME issued a notice that effective May 19, for trading on May 20, it will be expanding the TAS trading on the NYMEX Henry Hub contract from the current availability of the spot month plus months two through seven to the spot month and months two through twelve. As always, TAS trades are not allowed on the last trading day of the spot month contract. 
As TAS trades are intended to reduce the execution risk of matching the day's settlement price, expansion of the range of month's available for TAS orders and execution could match risk management activities easier to manage.
​The full CME notice is here.

On March 28, the CME issued SER #8299 - the report is here. This report sets forth proposals (still subject to CFTC review) that would modify its Rule 855 that allows offsetting of certain energy spread trades against open positions in the underlying individual contracts. The rule previously set forth a limited number of energy contracts covered by this provision, there is now an expanded number of contracts eligible for these offsets. The contracts are listed in a table attached to the report and are primarily directed towards allowing mini and micro contracts to be offset against the standard futures contract for the same product - though in some instances, the offset is between the standard future and a look-alike future.
More importantly, the NYMEX rule used to read "offset and liquidate". The new rules has removed "and liquidate" from the proposed wording. This would expand the allowable structures for carrying offsetting long and short positions without immediate liquidation, something firms may find advantageous. The other positive impact is that the offset allows a reduction in capital requirements associated with the open positions.
The report indicates the revised Rule 855 is to go into effect on April 15, 2019, subject to any CFTC review periods.

In a pair of linked cases issued today, the CME fined a company $75K total for entering  "Lean Hogs, Feeder Cattle and Live Cattle spread futures orders on CME Globex during the pre‐opening period that were not made for the purpose of executing bona fide transactions, but instead to identify the depth of the order book." They noted the orders caused the indicative opening price to fluctuate. They issued an order for the Trader for very similar actions - in the same markets - for trades in a different year.
As DCM has been noting, the company got the bigger fine - $75K - for failure to train and supervise. This is a common them - if you don't have a track record of effective training and oversight, the company is considered to be at least allowing - if not encouraging - inappropriate behavior. The notice is here
Many firms train about manipulative behavior during market trading but don't always stress that the pre-open is still observed for disruptive trading. In many instances, with the reduced activity in the pre-open, the pre-open may be easier for the exchanges to see the impact of transient orders.
In the case covering the same issue, the trader was fined $20K and suspended from any market access for ten days.  The notice is here 
This occurred several years after the corporate case - an indication that this is an ongoing concern that the exchanges watch for. There had been previous cases in the agricultural markets with even larger fines for just a small number of pre-open disruptive trading action.