It is something we find interesting at DCM - what do the trainers focus on when training staff about compliance oversight? Lawyers may tend to focus on eCommunications as much or more than on transaction oversight. Many consultants tend to focus more on the surveillance oversight piece. There is a reason for this. This can influence the importance companies place on one tool or the other. Let’s examine why they can serve complementary and important roles.
Look at how the regulators and exchanges get create the basis for an inquiry – how do they start? In today’s world, the most common starting point is by the regulator or exchange (or ISO for power or ACER for the EU) looking at transaction and order level data. This is what they have access to without ever asking your company for anything. Therefore, from the standpoint of preventing there ever being an inquiry, starting with the transaction surveillance can make a lot of sense.
However, in the past many of the inquiries (and even currently – look at OfGem’s latest fine in England) came from internal whistleblowers or, even more frequently, someone else in the market that was on the other side of whatever trading strategy or activity the inquiry covers. Remember, if someone at your desk is scalping the market in an inappropriate manner, someone is on the other side losing their scalp. And when those inquires arose (and arise), the regulators can come right in and ask you to keep everything – including your emails, phone tapes, and texts.
And, while transactions can show patterns, communications can show intent. Many of us in the industry remember pouring over the released documentation of all the Enron communications (come on, those of us in the industry at the time will admit we all searched for our own names in the files either out of curiosity or fear). And those communications did three things:

1. For the really serious violations, the ability to show intent always makes the prosecution easier and puts criminal charges in a much more winnable arena; and
2. Internal communications can drag not just the traders but any and all people up to the CEO into the morass and the criminal charges; and
3. As in the LIBOR cases, it can show collusion between and among traders across company lines – and that collusion just ups the ante on the charges.

In the natural gas index misreporting cases in the mid 1990’s, there were emails internal to firms discussing the manner in which the firm would misreport data. There were even discussions about how the book would be impacted. In the California power cases in the 2000’s, the strategy of how to use scheduling and wash trades to manipulate prices were recorded in emails and presentations. And these documents put people in jail.
And that is where eCommunications come in – they are the smoking guns of what you were thinking and who you were working with. So, what does eCommunication surveillance do?
It can attack both the “bad actor” issue as well as the “conduct risk” issues. In the bad actor case, it can show whether the trader was intending to misbehave – the “I’m going to push this close” text”. But it is really in the collaboration phase.
From the bad actor phase, eCommunications can track when a trader is writing, as one vendor calls it, “stupid s*@t”. The compliance officer’s role is to determine if the trader was one time stupid, repetitively stupid or actually recording their state of mind as they violated the rules. If it is writing stupid stuff, I would recommend the simple practice a number of CCOs I know perform when they have someone who is, shall we say, “lax” in the self-monitoring of communications.
They take a random set of emails and texts into the trader’s head of desk’s office, sit them both down and start reading them. It takes very few repetitions of this before the trader self-monitors so they don’t have to go through that again or, in the hard cases, the head of desk informs the trader that they do not want to have to go through that again.
From the “conduct risk” point of view, eCommunications oversight can monitor for situations when the head of desk is pressuring for better performance. Even if the pressure is not to do bad acts, knowing a trader is under pressure is frequently a starting point for increased transaction oversight – scared traders can be reckless traders.
So, eComm can be:

1. The starting point for finding collusive activity; or
2. Verification of intent on individual activity
3. In both cases, it can tell compliance what rocks to look under

And eCommunications is finding expanded roles in companies. Not trading firms (and trading firms) are using eComm oversight to monitor for sexual, gender, racial or other forms of harassment. Customer service centers use it for monitoring customer interactions for inappropriate behavior or bad information.
While eCommunication may not be the best way to fend off the start of a regulatory inquiry before it happens, it can be a fundamental and valuable tool in the compliance officer’s kit. And this all tracks back to the concept of how the tools are uses and what training covers.
Next week – what does eCommunications surveillance really do and what can it cover?

Yes, that question is meant to be provocative, but it has a real purpose. It is to illustrate the fundamental role that trade compliance is performing these days. The roles currently seem to be:

1. Head of Desk - in some cases their role is limited to responsibility for the strategy of making what we say we will (or hedging what we say we will hedge) and guiding that execution. In other words, how much do we intend to make and how we will say we intend to make it; and
2. Risk Management – Risk’s role is to look at how much risk you are taking to make that money and ensure you don’t take more risk than the company is willing to tolerate; and
3. Compliance - looks at what you are actually doing to make that money and why you are making trades.

The evolution of the markets has created more and more structured methods, trading strategies, and market forums to capture value. But in the end, fundamental compliance comes back to two primary questions – why are you making money and how did you make it? At the root cause, compliance issues occur when the head of desk and the management either don’t examine and control the answers to those questions, or they don’t care. Or, if the head of desk or company lets the desk activity expand beyond management’s ability to understand strategy or trade complexity or to adequately monitor the risk and that impacts management’s ability to ask those two fundamental questions – “why” and “how”. Risk will always be an integral function because the compliance question of “why” and “how” does not immediately imply they are looking at “how much can go wrong” and “are we willing to take that risk”– which are really the essential risk management questions.
The reality is compliance becomes a very simple function if the head of desk has the interest in examining the staff actions, understands them, and cares if they go off the rails. Then, the compliance function is simply to notice when someone unintentionally steps out of bounds and helps the head of desk correct the mistake before it becomes a major issue.
When the head of desk does not care and understand or, worse, actively supports improper “how” and “why” actions, compliance becomes a game of “find the rat in the basement”. In that case, compliance has to create enough different views and analyses of data to be sure there are no shadows to hide in. The latter case of active or passive encouragement of improper behavior has created what DCM see as the basis for the expansion of compliance into “conduct risk”.
If the original oversight of trade compliance was to keep staff with bad intentions from actively breaking rules on their own, DCM looks to conduct risk compliance as the attempt to keep good staff from doing bad things because “that is the way everyone here does it” or “I didn’t know that was wrong” or “my boss told me I have to get more client revenue or I lose my job”. Look at all those excuses:

1. “That is the way everyone does it here” – this really would indicate a willing blindness to how the desk makes money (or ignores hedging decisions that violate trading rules – this especially occurs when procurement departments are converted to “profit centers”), or management passively agreeing that doing bad things is good or actively encouraging them; and
2. Not knowing what is wrong is an indication no one wanted to train their staff on what is wrong; and
3. The worst is the pressure put on staff to make money in a market that just isn’t going to let you make those dollars without skirting (or breaking) the rules.

All of these come down to a misalignment between management (if they’re are espousing “compliance is a core of our culture”) and what they are telling staff they have to do to keep their jobs. In many cases, the desire to keep the job wins regardless of what background noise you are hearing.
DCM believes it is really that simple. The role of compliance in a company is determined by:

1. the degree to which the desk is willing to own the “how” and “why” questions; and
2. the degree to which the desk is willing to accept the “how” and “why” being guided by an external group if that role is not being served by the desk; and
3. the complexity of the desk’s transactions and what need to be done to detect the “accidental” missteps (this is assuming the “how” and “why” capture intentional violations)

The less responsibility owned in Item 1 and the more the desk has complexity and pushback in Items 2 and 3, the more intrusive compliance will need to be.
One final point – some may quibble about whether the questions I posit cover such things as money pass trades or wash trades to move positions from one account to the other. I would just note that “why you are making trades” would cover trades intended to defraud or hide a shift of positions. So, trades that are executed for reasons other than direct P&L impact should still be detected in standard compliance oversight.
This is the first in a number of pieces discussing why and how desks, risk, and compliance should be seen as supporting, not conflicting, functions. To paraphrase what someone who led the compliance function of a major money center bank once said to an industry group “We are not three walls holding out the barbarians. There is only one wall, we are all on it, and we work together or we fail.”
About us: 
Dynamic Commodity Management is some old guys who traded, managed risk, and wrote compliance oversight from the strategies to policies and procedures to actually pulling the trigger. We are happy to have conversations and provide support from strategy to execution to the C-suite down to the cutting room floor.
​About me (Tom Lord)
By way of explanation - I admit to being a dinosaur – my first trades in the energy industry were for Section 7 “emergency gas purchases” (go ahead, I’ll wait until you look up what that was). This is a way of saying that the trades that are executed today didn’t yet exist when I started (there were no options in natural gas and power in 1977, prices were regulated and the contracts had zero vol). I have the fun claim of being the originator on the first ever prepaid natural gas sale financed by a tax-free bond (with Municipal Gas Authority of Georgia). I have seen many of the ways people break the rules, try to bend them, or just screw up. It is best to keep the core focus simple. That is what we are trying to do here.

Here at DCM, we have been focused more on the market compliance rules lately and have let the risk management portions of the rulebooks be a lesser focus. Bad on us, because the risk management parts of the rulebook really bite you when the markets go into hypervolatility. And today's notice from ICE US Futures here is one example.

First, the notice is for changes in the ICE US margins on certain contracts - but the notice immediately references that "For each of the IFUS Energy Contracts, ICE Clear Europe determines the margin rate that is charged to clearing members that carry positions in these contracts. The Exchange minimum margin requirements for outright and straddle positions are based upon the ICE Clear Europe margin rate". As many can remember, there have been significant debates between the US and EU regulators over the past several years as to the proper margin calculations - ICE uses a single margin engine but does adjust US and EU for different "MPOR" - Margin period of Risk (one day for OIl and a number of US energy related products and emissions).
Second, the ICE Europe margin instructions for energy have multiple links to .csv files for relevant risk data - I assume trading desk risk managers have reviewed this. What is interesting here is that the "scanning ranges and tiering" data file is dated April 27. So you have new files to be effective Monday that are on the website now. There are a number of NGL contracts that have significant discount changes - the shift in these rates is both up and down down. (I would also note that the power references were changed earlier this week).
In addition, the inter-month spread rates were changed (increases across the board), strategy spread rates changed (frequently in excess of 25% and some in excess of 100%), and inter-commodity spread rates as well - and while the notice covered NGLs and Petchems the biggest changes I noted in inter-commodity spread rate changes was in wet freight cargo.
This is just to note that, 
a. Smaller shops need to know the ICE EU margin process if they are trading energies;
b. ICE is publishing the changes the Friday before they go into effect - put these in place for remote operations across a weekend will be a pain if you do your own internal version of the calcs; and
c. all traders should think through the expected market impacts of changing margin calcs in the NGLs markets (which are less liquid) in this hypervolatile market.

The ICE EU risk management (margin) page is here

Both CME and ICE (US and Europe) have published circulars related to the collapse below zero of the crude contracts.
CME published a brief little note here on April 21 - effective yesterday - changing the settlement pricing model for options in over 60 crude and refined contracts to the Bachelier model (which is interesting since Bachelier died in 1946 so I am not sure how he got option pricing down). 
ICE US and ICE Europe both issued their notices today - ICE US covering 9 crude contracts and 5 options contracts (all crude outrights only - CME covered BALMOs and others) while ICE Europe covered 13 crude contracts and 3 options contracts (all crude but including Brent and US BALMOs). The ICE US notice is here and the ICE Europe is here.
The big impacts here are going to be on any entity short puts - under standard option models

 Many commentators and the exchanges themselves have indicated that COVID 19 will not cause exchange and regulator oversight to cease. The ICE just punctuated that thought with a notice today of a two month suspension from exchange access for a trader.
The suspension is the result of placing orders without intent to execute (large orders on one side of the market while executing small orders on the other and then cancelling the large orders - classic spoofing) on one single day in December 2016. No monetary fine but a two month suspension. The notice is here
I would just like everyone to imagine the difficulty, cost, and risk associated with an exchange inquiry into your trading activity while you are in remote operations. How do you have the compliance officer manage the call with the trader? How do you get outside counsel access to your records? How does your compliance officer access phone recordings?
The ides of managing an inquiry in this environment is even more daunting than in normal circumstances. I think all compliance officers should think about how their business continuity plan addresses remote management of an inquiry. This also might recommend a note to all trading staff that even greater caution than usual might be a good thing.
DCM hopes all of you are staying safe and healthy and that all industry companies and staff can weather this with minimal impacts. Our best to all of you.
Please fell free to reach out to us for advice and questions in these difficult times - even if you have not been a client in the past, know that we feel all of us have to pitch in and help to keep everyone going these days.

Last September, this bog had a story titled "Disruptive Trading, Spoofing? You don't need to get execution to get fined $800K for "failure to supervise".  At the time, the report was regarding the CME actions regarding this activity. What was omitted was the associated CFTC settlement in the same instance - yes, the CME had fined the trader $200K and the company $800K and there was a completely separate CFTC settlement.
The CFTC settlement has much more information on the facts:
1. The activity occurred for a year;
2. At the times the "Spoof Orders" were placed, they were a "substantial percentage of the best bid or offer";
3. There were more than 1,000 occurrences of the activity;
4. Hard Eight was using a "wash blocker" and the Trader would enter a reverswww.cftc.gov/PressRoom/PressReleases/8024-19ing trade at the same value as the resting offer to have the wash blocker, rather than the Trader, cancel the order (the use of this as a spoofing mechanism to try to hide the activity has been the subject of other CME fines);
5. The Trader went further and used both the Wash Blocker to cancel the order and placed a genuine order that crossed the bid offer spread to execute orders that had joined the Trader's spoof order (e.g., resting spoof bid, enter an identical and offsetting offer that the wash blocker will cancel and a simultaneous genuine offer that will hit the "joined" market bids);

What is interesting is that the CFTC order does not discuss the fact pattern that is in the CME order where the trader was trading in their personal account to profit from the spoofing activity. The CFTC order states "Hard Eight, by and through the acts of Trader A, intentionally employed a manipulative or deceptive scheme ... favorable to Hard Eight".

The settlement included a $1.75MM fine to be paid by Hard Eight and a $750K fine to Igor Chernomzav. The press release is here

Busy day on the CME disciplinary front - six different disciplinary notices today. The majority were regarding block trade timing misreporting and bad broker electronic audit trails.

There were two outliers - both dealing with automatic trade systems that were badly programmed and caused aberrant orders to be entered. In both cases, it appears that the issue was identified and improperly solved and redeployed. Finally, in both instances, the problem was fixed. The fines were $25K and $35K and in one case there was a 30 day suspension form ytrading for the trader who made the mistake.

The block trade notices fell in two categories - a broker reporting block trades with inaccurate times and not within the required time period or a trader failing to report within the required time period, reporting inaccurate trade details and pre-hedging in violation of exchange rules. In one case, the reporting party was a principal to the trades and was pre-trading in its own account prior to execution at a price that was to its benefit. In this case, the fine was $150K plus a $74K+ disgorgement. 

The exchange has issued very specific rules as to what activity can be performed in anticipation of a block trade execution. Failure to follow these rules - which basically ban arbing the client order against the market prior to executing the block trade. The exchange has issued several disciplinary notices in this area in 2019. The amount of notices in this area would indicate that block trade execution and reporting have been undergoing increased scrutiny since 2018 - companies should reexamine their training and guidance on block trades - both reporting and trading in relation to any bilateral block trade communications.

One of the broker block trade actions also covered disclosure of counterparty information regarding the trade. Exchange rules allow for disclosure of specific trade information only when authorized by the parties to the trade.  The exchange noted the failure to properly supervise and train staff in this instance as well. The broker fines were $60 and $70K.

The final notice was a very large fine - $650K - to ADM Investor Services. In this instance, a client of ADMIS was using an improper method of offsetting omnibus account positions using FIFO accounting. It should be noted that this discplinary notice does not cover the underlying entity's activities. However, notice should be taken that there are very specific allocation rules that must be followed in managing omnibus accounts. The CME noted - "As a result, inaccurate open interest data was published to the market". This, obviously, is "not a good thing".

Compounding the issue, ADMIS used customer provided information to report to the CME during the investigation - which information the CME ascertained to be incorrect. The CME cited the initial failure to keep accurate audit trails, the use of inaccurate client audit information, and the lack of supervision and training as actionable items. As noted, the fine was $650K.

The CME issued a market regulation notice that reinforced the simple statement above that often is met with skepticism when DCM is teaching a training class. A trader in Singapore or London may question why it is important for them to be trained in US exchange rules and disciplinary scope. The perception is that as long as they know local rules they are OK. The answer is an emphatic NO.  If you trade US futures markets you are subject to US exchange rules and, by agreeing to jurisdiction, CFTC rules. And the exchange rules and investigatory processes are different.
The CME market regulation advisory notice today was very specific in its purpose:
"The same or similar provision will be adopted by all U.S. designated contract markets (“DCMs”), and results from an industry-wide effort to ensure that DCMs have full jurisdiction over such entities where a commission or fee is charged in connection with a client’s trading activities in the applicable DCM’s markets.1
There is a section of the CME Rules that is restated here even though it was adopted in 2012:
418. CONSENT TO EXCHANGE JURISDICTION Any Person initiating or executing a transaction on or subject to the Rules of the Exchange directly or through an intermediary, and any Person for whose benefit such a transaction has been initiated or executed, expressly consents to the jurisdiction of the Exchange and agrees to be bound by and comply with the Rules of the Exchange in relation to such transactions, including, but not limited to, rules requiring cooperation and participation in investigatory and disciplinary processes. Any futures commission merchant, introducing broker, associated person, or foreign Person performing a similar role that charges a commission or fee in connection with transactions on or subject to the Rules of the Exchange also expressly consent to the Exchange’s jurisdiction.
It is interesting that the exchange has felt it important that they are reaffirming that anyone collecting any fee, including foreign persons, associated with a transaction and any person for whose benefit that trade was executed must agree to exchange jurisdiction.
DCM has always stressed that the exchange contract requires acceptance of US jurisdiction - this notice is reaffirming that any person receiving benefit from the execution of a trade on a US exchange - and DCM would caution this could be interpreted to include advisors receiving a fee based on the fact a trade was executed - is subject to and required to comply with the exchange jurisdiction and to assist in disciplinary inquiries.
This reinforces the need of all individuals and entities  involved in access to US futures markets should understand the US rules and train appropriate staff in US market rules.
​The complete notice is here

UPDATE:

The CFTC issued a revised notice in this activity this morning to CTAs, CPOs, IBs and RFEDs - there are two changes (underlined and in bold in the letter). They are:

The first clarifies who must respond by tomorrow. It states: "You are only required to submit an email confirmation if your cloud service providers have been affected by this attack". Anyone whose cloud provider was not hacked does not need to respond.

The second exempts CTAs and CPOs from the January 20 response requirement. It changes the first sentence of the state: In addition, only if you are a registered Introducing Broker or Retail Foreign Exchange Dealer, by January 20, 2020, "

This will reduce the burden on CTAs and CPOs in particular and anyone whose cloud provider was not hacked.

Friday, January 3, the CFTC sent two separate "Cyber Threat Alert" letters out from Joshua Sterling, Director, Division of Swap Dealer and Intermediary Oversight - one to all "registered Commodity Pool Operator, Introducing Broker, Commodity Trading Advisor and/or Retail Foreign Exchange Dealer"s and one to all"registered Swap Dealers or Futures Commission Merchants". In this, the CFTC references the Wall Street Journal article of December 30, 2019 reporting on the hacking of multiple cloud services providers being hacked. The CFTC notes it appears "the attackers may have gained access to the providers’ networks, allowing the hackers to freely and anonymously hop from client to client."
The letter requests that the entities:

"confirm no later than January 10, 2020 by email to DSIOAlerts@CFTC.Gov  if your cloud service providers have been affected by this attack. If so, please include information regarding whether and when the provider(s) informed you about the attack and a summary of any steps you have taken to protect your systems and data in response this attack and your plans to notify market participants whose data may have been affected. "

By January 20, these entities must confirm whether they have had any communications from or in current communication with an assortment of entities from the service providers to customers, business partners or industry-related parties regarding the hacking event.

The industry has been moving much more rapidly to cloud based services and support. Many of those systems may include significant individual or corporate sensitive data such as trading activity, positions or even banking information. These CFTC letters could indicate that registered entities may have a risk to these customers if their data is hacked in a cloud environment. If the government starts to assert a duty to counterparties for loss of hacked trading or other information, what is the risk for companies in this environment? 

While cloud based solutions have significant advantages, do the providers provide the indemnifications or warranties to provide assurance for these risks?  Has your trading and compliance risk assessment covered these types of events? It may be time to expand your risk assessments and controls review to include your cloud providers.

A full copy of the CTA/CPO/IB/RFED letter is below:

U.S. COMMODITY FUTURES TRADING COMMISSION
Three Lafayette Centre 1155 21st Street, NW, Washington, DC 20581
Telephone: (202) 418-6700 Facsimile: (202) 418-5407


Division of Swap Dealer and Intermediary Oversight 
  Joshua B. Sterling Director 
​
TO:  CFTC Registrants 
 
FROM:  Joshua B. Sterling, Director   Division of Swap Dealer and Intermediary Oversight 
 
DATE:  January 3, 2020 
 
RE:  Cyber Threat Alert 
 
As registered participants in the markets the CFTC oversees, we recognize that you must react to unexpected events that potentially impact your legal and regulatory obligations. A December 30, 2019 Wall Street Journal article reports that approximately one dozen cloud service providers have been hacked. The reporting indicates that the attackers may have gained access to the providers’ networks, allowing the hackers to freely and anonymously hop from client to client.  
 
We ask you to consider, in light of this reporting, your organization’s systems and data vulnerability.  
 
If you are a registered Commodity Pool Operator, Introducing Broker, Commodity Trading Advisor and/or Retail Foreign Exchange Dealer, please confirm no later than January 10, 2020 by email to DSIOAlerts@CFTC.Gov  if your cloud service providers have been affected by this attack. If so, please include information regarding whether and when the provider(s) informed you about the attack and a summary of any steps you have taken to protect your systems and data in response this attack and your plans to notify market participants whose data may have been affected.  
 
In addition, by January 20, 2020, consistent with CFTC Staff Advisory 14-21 (interpreting CFTC Rule 160.30), please also advise whether you have received any communications from—or are currently communicating with—cloud service providers, customers, clients, counterparties, business partners, or industry-related parties regarding the WSJ-described attack or a related potential cyber event.   
 
We recognize that your evaluation of the situation may evolve and we ask that you notify us promptly, updating us with follow on information as you proceed in your assessment.  
 
If you have questions, please do not hesitate to contact DSIO staff: Amanda Olear, Deputy Director, (202) 418-5283 or AOlear@cftc.gov, Joe Sanguedolce, Deputy Director, (646) 746-9750 or JSanguedolce@cftc.gov, or Barry McCarty, Special Counsel, at (202) 418-6627 or CMcCarty@cftc.gov 
 
 

DCM has posted a number of disciplinary actions regarding Tag 50 - the Globex Operator ID data field on a CME message. The CME issued a Market Advisory Notice today that adds Tag 1028 - the "automated or manual indicator" to that high priority list. What is this Tag?

In the notice, the CME spells it out simply:

"Manual order entry refers to orders that are submitted to CME Globex by an individual directly entering the order into a front-end system, typically via keyboard, mouse or touch screen, and which is routed in its entirety to the match engine at the time of submission"
"Automated order entry refers to orders that are generated and/or routed without human intervention. This includes any order generated by a computer system as well as orders that are routed using functionality that manages order submission through automated means (i.e. execution algorithm)."

The industry has commonly referred to "algo trading" as something where there is a complex system developing trading orders. This Market Advisory would expand that definition of automated to, in DCM's opinion, to include a analysis system in an OMS (order management system) that, under identified conditions, enters a trade on behalf of the trader. This could also mean a spreadsheet system that has a link to drop a trade into the OMS. The advisory specifically indicates that "orders generated by automated means, including via automated spreading functionality, must be properly identified with the value “N” in Tag 1028." (the "N" tag indicates an automated order - manual orders are a "Y" value)
This begins to make sense to us here at DCM. There has been a significant number of electronic audit trail summary fines for broker/dealers failing to maintain a complete and accurate audit trail of customer orders. It is not stated that this advisory follows on that set of reviews but a major point raised in the advisory regarding proper inclusion of the Tag 1028 information:

"This has been a required data element on CME iLink interface order submissions since June 2011 and is now being added as a regulatory requirement. "
​
It should be noted there was a prior advisory - MRAN RA1210-5 (cited in this advisory) that indicated this was a required field but did not include the "regulatory requirement" language. That order was issued September 20, 2012.

This indicates that the CME may begin considering the failure to include or inaccurate listing of the Tag 1028 value on a Globex order in a similar manner as it considers an improper Tag 50 value or usage - which had been seen to carry high 5 digit fines and suspension of trading privileges on CME. This escalates the importance of getting Tag 1028 information correct.
DCM and firms it works with have the ability to help companies review their Tag 1028 information and their internal order generation, assess if there are gaps in their controls, and revise those controls.
Please contact us if you would like to discuss this or other regulatory issues.

The full CME advisory notice is here