When I have been a Chief Risk Officer in the past, when the book got stressed and I knew traders were under pressure, I started get even more focused. When people are under pressure and fear about losing their job, they become even more likely to "self justify" riskier or more problematic behavior. As many of my clients can attest, I have rephrased the old "seven stages of grief" to the "seven stages of trader misconduct"

• Denial
• Guilt
• Bargaining (with yourself) about what to do
• Depression
• "watching the market"
• Deer in the headlights
• Deer on the front bumper

The objective of most risk management programs is to stop the indecision about step three and force the trader to do something. The last resort of the risk program is to make sure the company doesn't become the deer on the front bumper.
​But that implies that the trader is going to feel pressured to do "something". And that something can, in some cases, be doing something the regulator says they shouldn't.
Yes, some compliance problems come because someone figured out a way around the edges to make money with less risk - because they cheated. But in many cases, the behavior comes because the trader feels they have nothing to lose - if they don't solve their problem they are going to be fired. And, at that time, the trader's personal risk tolerance to use company resources to bail themselves out becomes close to infinite.
Well, the trader's risk tolerance for a company regulatory risk has the same change. Frequently, the trader is not even thinking about the potential compliance risk - they are already focusing so hard on getting around risk controls. That means it is up to the compliance officer to take up that slack.
The best compliance programs have regular participation by compliance in the risk updates. When books or desks or even business divisions are having a rough stretch, compliance needs to be extra vigilant. When the entire company is at risk, the compliance function has the even tougher task of recognizing that management, in some cases, may encourage market behavior that carries even greater compliance risks.
We are headed for the rough water - it is time to check to make sure you have everything in top shape.

the concept of .A pair of interesting disciplinary actions were posted in the same inquiry yesterday by the CME. A firm was over the spot month limits in soybeans "at more than one clearing member firm. " The position was held over night for multiple days. The overage was in "two different reportable accounts controlled by the customer".
The broker, Goldman Sachs, was fined for "failed to liquidate its pro-rata share of the customer’s position in excess of limits or otherwise ensure that its customer was in compliance with the limits within a reasonable period of time." Goldman had been notified of the overage by the Market Regulation Department and failed to respond. Goldman was fined $15K and the notice is here
Separately but in a linked notice, the customer was found to be 15 contracts (0.19% of the total position) over the position limit in the associated accounts. The notice does not indicate when the customer received notice of the overage. The CME imposed at $25K fine and a $9,720 disgorgement of profits. The notice is here.
During compliance assessments by DCM, we always look to discuss the concept of position aggregation under US exchange rules. This helps to establish the needs for position limits surveillance. There is also a linked concept of allowed disaggregation - an option for establishing with the exchange a right to not have separated accounts linked for position limits. This requires analysis and a filing with the exchange but, as shown here, it can reduce potential compliance exposure as well as reducing position surveillance complexity. It is good practice to examine what accounts are owned by your company, affiliates, and subsidiaries and to consider aggregation requirements and disaggregation options.

One of the points that the consulting and legal communities have settled into agreement on is the likelihood that regulators are likely to do a quick lap around companies that have been trading commodities through the COVID pandemic to make sure nothing glaring is hiding. And one point that is easy for the regulators to look at is your training program. Here are some points to consider:
1. Many companies utilize industry conferences or training firms to provide training - much of it off site. With COVID, has the training been deferred? Any number of firms are doing Zoom or webinar training, that is a good replacement. And if people are doing remote training, how are you keeping company records of training attendance for the regulators - if there isn't a record, it never happened.
2. With the swings in liquidity, have you been trading different products or, more importantly, different exchanges? This is especially important for firms outside the US trading US commodity exchanges. DCM has taught both EU and US exchange regulation classes - it cannot be stressed too much that these are very different worlds. Approaching US regulators and exchanges as if they were EU or UK regulators can be a rude awakening when you realize the rules, enforcement tools, and regulatory philosophies are fundamentally different. In the US, a firm has strict liability for the actions of its employees and agents.
3. Which brings us to our final point about training - it is cheap protection for your company. The DCM blog over the last several years has repeatedly pointed out the CFTC and exchanges penchant for assessing "failure to adequately supervise" penalties. One recurring points in the disciplinary notice is the failure of the company's training to address the issue the employee created.
It would be appropriate to develop a training plan (as opposed to the frequent "once a year" training) that works through the period from 100% remote work through the transition to the "new normal". Best practice would be to engage and include senior management - possibly the board - on the plan and the training and role it out in a measured plan to keep the topics fresh and top of mind.

There are any number of webinars out there on preparing for the post-COVID regulatory inquiry world. DCM wanted to add a little emphasis to the message being sent. One of the simplest and best places we have found to look is the May 28, 2020 guidance issued by FINRA. For those in the commodity space, FINRA is the Financial Industry Regulatory Authority in the US - it is the self regulatory authority ("SRO") for the New York Stock Exchange (formerly the NASD). The piece was only four pages and while focused on some of the regulatory requirements for registered entities, it still has a number of interesting points. Also, the SROs in the US are an avenue for insight into what the regulators are thinking and, frequently, meeting the SRO guidance is a big step up towards meeting regulator expectations.
There were a number of things in particular that seemed good to document if you have undertaken them or to have staff document if they were supposed to take actions. These are:

• Documenting if you provided specific VPN or other secure connection capabilities to avoid people intercepting electronic information from the internet connection at your staff remote locations and documenting that your staff always used those connections;
• Documenting that no staff member had a potential conflict of interest with a family member also working at home - does a family member or other occupant work for a competitor or other conflict?
• A point FINRA raised was the concept of "over escalating" issues - stressing to supervisors and staff that it is even more important to document and escalate concerns. There are a lot of concerns that might be handled by a short conversation in the office that may now need to be documented and resolved. FINRA also suggested changing trade surveillance thresholds to increase the sensitivity of reviews and alerts. They also raise the idea that remote cameras or multiple daily check ins may be appropriate.
• A lengthy discussion of how a firm should approve trader at home operations including such things a supervisor review of information latency at the staff location
• Increased requirements for supervisors to create and complete checklists on each remote trader's operations.

In sum, this guidance indicates that FINRA doesn't think "supervision as normal" is appropriate in the COVID relote working environment. The simple question is whether a firm has assumed its pre-COVID supervision environment is adequate in the COVID environment. FINRA Is letting you know they don't think that is correct.

You can find the FINRA guidance here

DCM is a commodity and supply chain consulting firm with experience in all aspects of the tradeable commodity environment - from business strategy, trade operations, supply chain analysis for commodities, risk and compliance operations and market entry and exit. Please feel free to reach out to us with questions or assistance, we are happy to talk with industry participants.

There have been increasing cases of "disruptive trading" that center on the use of cross blocker in a manner it was not intended for. Cross blocker, to refresh, is a piece of code that automatically cancels an existing outright order  when a opposing order at the same price is entered in the same account. A cross can be thought of as a wash trade within the same account. Trading an outright trade against an outright trade in the same account is a cross and against exchange rules.

Well, clever traders have realized that exchanges look at cancelled and modified orders in their spoofing analysis. Therefore, how do you spoof without cancelling your order (light bulb goes on) - I just enter an order that the cross blocker will cancel. Easy peasy, except that the exchanges have figured this out.
​
The latest instance of this (CBOT disciplinary notice CBOT-18-1003-BC issued May 29) indicates it is common enough the CME has now applied a term under Rule 572 in relation to the use of cross blocker: "Flipping". As the definition is set forth in the latest notice:

"A18: Flipping is defined as the entry of orders or trades for the purpose of causing turns of the market and the creation of volatility and/or instability.(from Market Regulation Advisory Notices RA1516-5 (preceding) and RA1807-5 (superseding) Q&A)
...
Market Regulation recognizes there are many variables that can cause a market participant to change his perspective of the market. This Rule, therefore, does not prohibit a market participant from changing his bias from short (long) to long (short).
...
Flipping activity may, however, be disruptive to the marketplace. For example, repeated instances of a market participant entering flipping orders that are each large enough to turn the market (i.e., being of a sufficient quantity to sweep the entire quantity on the book at the particular price level and create a new best bid or best offer price with any remaining quantity from the aggressor flipping order) can be disruptive to the orderly conduct of trading or the fair execution of transactions."

And that is what happened here. The trader "entered large orders on one side of the market and then while those orders were resting, entered large aggressive orders on the other side of the market. A wash blocker caused the resting orders to be cancelled within the same millisecond or one millisecond of (their) entry of the aggressive orders, which at times turned the market (“flip order”) and traded immediately. (The trader's) use of the wash blocker to flip sides of the market created order book imbalances and prevented others from gaining order book priority."

Note, this was not necessarily pushing the price but it was resetting order book priority. This was a way of getting trades executed at the price and bid/offer desired. This is why spoofing has become less and less common as a term and the exchanges are leaning on disruptive trading.

Oh yes, the fine was $60K and 20 days suspension from access to the market. The notice is here

The latest air pockets in life (pandemic, May contract settle in oil, trying to hold Zoom meetings with a menagerie of dogs in the background) have left DCM behind in keeping up with the activities of regulators and exchanges in the compliance world. There have been 16 disciplinary or summary action notices from the CME in the last thirty days - over one every two days on average. And a number come back to a common area of focus for exchanges - wash trades.
Now, those of us of a certain age remember the massive investigations and fines associated with "wash" trades in US physical energy markets of the mid 90's. Trades where counterparties conspired to elevate market prices by a series of circular trades that had no risk positions but acted to provide "reported trades" at artificial prices. And most of us think of wash trades as that - trades designed to get a price printed without actually taking a position in the market.
But the disciplinary notices in the last month regarding wash trades reflect them being used for a different purpose - moving trades around between books within the same company or between affiliates. In one case, the notice reads:
"The purpose of the trades was to manage an affiliate’s risk by rolling positions held in three separate accounts owned by the affiliate’s subsidiaries. ​"
​The notice regarded AXA Bank and the text is here.
This is not an uncommon occurrence in the disciplinary area - traders trying to move positions because they accidentally traded in the wrong account or to shift amounts or to stay within corporate limits without getting noticed. All of these reasons are normally something the risk manager would like to know about - for training or breach management or limit violation purposes.
And that is where your compliance function can help. They should be examining all futures trades where the execution ID shows up on both the buy side an the sell side on broker statements or exchange feeds. This is a common area of focus - looking at trades where affiliates, even if dis-aggregated, show up on both sides of the trade. The exchange is looking at these, you should be too.
And what this shows a risk officer is where someone is making executions that should be an intra-book transfer and, therefore, a transparent risk transfer but are possibly not showing up. In addition, there is an acceptable manner to effectuate these trades by "back office transfer" - the problem is that this is a much more visible method that the trader can't really obscure.
​But you need to document these actions to assure controls are working. Even worse, what if those transfers are to change regulatory analysis of exposures at the end of a reporting period and now the regulator finds out staff are acting to manipulate reporting exposures? That is likely not a pleasant discussion for the risk officer.
So, risk officers, you might have a discussion with your compliance counterparts and understand the insights they may be able to provide you about areas under your purview. You could find they have a lot of help they can give you.

The shut downs and remote operations are, hopefully, beginning to ease. And, as we all hope, we can start to put this stress and complication behind us. But before we all move to put this in out rear view mirror, DCM would suggest some simple steps to make sure nothing gets left behind and starts to go bad:
1. Ask all staff to do a review of ANY personal devices that they used to perform company work in a manner unlike normal operations - look for any new files saved to personal drives that shouldn't be there. It may be appropriate for your IT department to come up with a checklist and set of available tools to do the house cleaning. Maybe have every staff member even attest that they have performed the checklist and used the tools.
2, During the house cleaning, provide an "amnesty" for reporting an oops found during Step 1. Having a staff member perform the house cleaning only to find out later you have an existing log file that shows a download of a document that shouldn't be outside the firewall.
3. Consider doing an in house or third party audit of types of actions that could cause trouble - now might be a good time to look at the 500 surveillance alerts your junior staff member cleared between 1 and 2 AM one morning two weeks ago. People have been working under stress and with all sorts of distractions - it might be good to do a spot check.
4. In the same vein, have you kept a log of the "emergency exceptions" or "waivers" of risk or compliance policies, procedures or controls that have been issued? Many companies have - do you perform an audit to make sure all changes have been covered with a waiver or exception? Maybe a staff review of procedures and controls is appropriate with, again, an amnesty of reporting instances that were not covered at the time and a process for confirming the incident, the cause no waiver was sought, and a documentation of the results.  
All of these suggestions have the potential to do multiple things - you can assure no surprises are hiding out there; and you can rectify and issues that are found; and you can use any and all instances as training opportunities for any and all staff.

Let's not just run away from the stress of the current situation as fast as we can or go to analyse how we can do this better before you have the facts of how well this current situation was handled.

DCM can help you with audits or reviews, please reach out even if you would just like our feedback on your own internal plans.

It is something we find interesting at DCM - what do the trainers focus on when training staff about compliance oversight? Lawyers may tend to focus on eCommunications as much or more than on transaction oversight. Many consultants tend to focus more on the surveillance oversight piece. There is a reason for this. This can influence the importance companies place on one tool or the other. Let’s examine why they can serve complementary and important roles.
Look at how the regulators and exchanges get create the basis for an inquiry – how do they start? In today’s world, the most common starting point is by the regulator or exchange (or ISO for power or ACER for the EU) looking at transaction and order level data. This is what they have access to without ever asking your company for anything. Therefore, from the standpoint of preventing there ever being an inquiry, starting with the transaction surveillance can make a lot of sense.
However, in the past many of the inquiries (and even currently – look at OfGem’s latest fine in England) came from internal whistleblowers or, even more frequently, someone else in the market that was on the other side of whatever trading strategy or activity the inquiry covers. Remember, if someone at your desk is scalping the market in an inappropriate manner, someone is on the other side losing their scalp. And when those inquires arose (and arise), the regulators can come right in and ask you to keep everything – including your emails, phone tapes, and texts.
And, while transactions can show patterns, communications can show intent. Many of us in the industry remember pouring over the released documentation of all the Enron communications (come on, those of us in the industry at the time will admit we all searched for our own names in the files either out of curiosity or fear). And those communications did three things:

1. For the really serious violations, the ability to show intent always makes the prosecution easier and puts criminal charges in a much more winnable arena; and
2. Internal communications can drag not just the traders but any and all people up to the CEO into the morass and the criminal charges; and
3. As in the LIBOR cases, it can show collusion between and among traders across company lines – and that collusion just ups the ante on the charges.

In the natural gas index misreporting cases in the mid 1990’s, there were emails internal to firms discussing the manner in which the firm would misreport data. There were even discussions about how the book would be impacted. In the California power cases in the 2000’s, the strategy of how to use scheduling and wash trades to manipulate prices were recorded in emails and presentations. And these documents put people in jail.
And that is where eCommunications come in – they are the smoking guns of what you were thinking and who you were working with. So, what does eCommunication surveillance do?
It can attack both the “bad actor” issue as well as the “conduct risk” issues. In the bad actor case, it can show whether the trader was intending to misbehave – the “I’m going to push this close” text”. But it is really in the collaboration phase.
From the bad actor phase, eCommunications can track when a trader is writing, as one vendor calls it, “stupid s*@t”. The compliance officer’s role is to determine if the trader was one time stupid, repetitively stupid or actually recording their state of mind as they violated the rules. If it is writing stupid stuff, I would recommend the simple practice a number of CCOs I know perform when they have someone who is, shall we say, “lax” in the self-monitoring of communications.
They take a random set of emails and texts into the trader’s head of desk’s office, sit them both down and start reading them. It takes very few repetitions of this before the trader self-monitors so they don’t have to go through that again or, in the hard cases, the head of desk informs the trader that they do not want to have to go through that again.
From the “conduct risk” point of view, eCommunications oversight can monitor for situations when the head of desk is pressuring for better performance. Even if the pressure is not to do bad acts, knowing a trader is under pressure is frequently a starting point for increased transaction oversight – scared traders can be reckless traders.
So, eComm can be:

1. The starting point for finding collusive activity; or
2. Verification of intent on individual activity
3. In both cases, it can tell compliance what rocks to look under

And eCommunications is finding expanded roles in companies. Not trading firms (and trading firms) are using eComm oversight to monitor for sexual, gender, racial or other forms of harassment. Customer service centers use it for monitoring customer interactions for inappropriate behavior or bad information.
While eCommunication may not be the best way to fend off the start of a regulatory inquiry before it happens, it can be a fundamental and valuable tool in the compliance officer’s kit. And this all tracks back to the concept of how the tools are uses and what training covers.
Next week – what does eCommunications surveillance really do and what can it cover?

Yes, that question is meant to be provocative, but it has a real purpose. It is to illustrate the fundamental role that trade compliance is performing these days. The roles currently seem to be:

1. Head of Desk - in some cases their role is limited to responsibility for the strategy of making what we say we will (or hedging what we say we will hedge) and guiding that execution. In other words, how much do we intend to make and how we will say we intend to make it; and
2. Risk Management – Risk’s role is to look at how much risk you are taking to make that money and ensure you don’t take more risk than the company is willing to tolerate; and
3. Compliance - looks at what you are actually doing to make that money and why you are making trades.

The evolution of the markets has created more and more structured methods, trading strategies, and market forums to capture value. But in the end, fundamental compliance comes back to two primary questions – why are you making money and how did you make it? At the root cause, compliance issues occur when the head of desk and the management either don’t examine and control the answers to those questions, or they don’t care. Or, if the head of desk or company lets the desk activity expand beyond management’s ability to understand strategy or trade complexity or to adequately monitor the risk and that impacts management’s ability to ask those two fundamental questions – “why” and “how”. Risk will always be an integral function because the compliance question of “why” and “how” does not immediately imply they are looking at “how much can go wrong” and “are we willing to take that risk”– which are really the essential risk management questions.
The reality is compliance becomes a very simple function if the head of desk has the interest in examining the staff actions, understands them, and cares if they go off the rails. Then, the compliance function is simply to notice when someone unintentionally steps out of bounds and helps the head of desk correct the mistake before it becomes a major issue.
When the head of desk does not care and understand or, worse, actively supports improper “how” and “why” actions, compliance becomes a game of “find the rat in the basement”. In that case, compliance has to create enough different views and analyses of data to be sure there are no shadows to hide in. The latter case of active or passive encouragement of improper behavior has created what DCM see as the basis for the expansion of compliance into “conduct risk”.
If the original oversight of trade compliance was to keep staff with bad intentions from actively breaking rules on their own, DCM looks to conduct risk compliance as the attempt to keep good staff from doing bad things because “that is the way everyone here does it” or “I didn’t know that was wrong” or “my boss told me I have to get more client revenue or I lose my job”. Look at all those excuses:

1. “That is the way everyone does it here” – this really would indicate a willing blindness to how the desk makes money (or ignores hedging decisions that violate trading rules – this especially occurs when procurement departments are converted to “profit centers”), or management passively agreeing that doing bad things is good or actively encouraging them; and
2. Not knowing what is wrong is an indication no one wanted to train their staff on what is wrong; and
3. The worst is the pressure put on staff to make money in a market that just isn’t going to let you make those dollars without skirting (or breaking) the rules.

All of these come down to a misalignment between management (if they’re are espousing “compliance is a core of our culture”) and what they are telling staff they have to do to keep their jobs. In many cases, the desire to keep the job wins regardless of what background noise you are hearing.
DCM believes it is really that simple. The role of compliance in a company is determined by:

1. the degree to which the desk is willing to own the “how” and “why” questions; and
2. the degree to which the desk is willing to accept the “how” and “why” being guided by an external group if that role is not being served by the desk; and
3. the complexity of the desk’s transactions and what need to be done to detect the “accidental” missteps (this is assuming the “how” and “why” capture intentional violations)

The less responsibility owned in Item 1 and the more the desk has complexity and pushback in Items 2 and 3, the more intrusive compliance will need to be.
One final point – some may quibble about whether the questions I posit cover such things as money pass trades or wash trades to move positions from one account to the other. I would just note that “why you are making trades” would cover trades intended to defraud or hide a shift of positions. So, trades that are executed for reasons other than direct P&L impact should still be detected in standard compliance oversight.
This is the first in a number of pieces discussing why and how desks, risk, and compliance should be seen as supporting, not conflicting, functions. To paraphrase what someone who led the compliance function of a major money center bank once said to an industry group “We are not three walls holding out the barbarians. There is only one wall, we are all on it, and we work together or we fail.”
About us: 
Dynamic Commodity Management is some old guys who traded, managed risk, and wrote compliance oversight from the strategies to policies and procedures to actually pulling the trigger. We are happy to have conversations and provide support from strategy to execution to the C-suite down to the cutting room floor.
​About me (Tom Lord)
By way of explanation - I admit to being a dinosaur – my first trades in the energy industry were for Section 7 “emergency gas purchases” (go ahead, I’ll wait until you look up what that was). This is a way of saying that the trades that are executed today didn’t yet exist when I started (there were no options in natural gas and power in 1977, prices were regulated and the contracts had zero vol). I have the fun claim of being the originator on the first ever prepaid natural gas sale financed by a tax-free bond (with Municipal Gas Authority of Georgia). I have seen many of the ways people break the rules, try to bend them, or just screw up. It is best to keep the core focus simple. That is what we are trying to do here.