The Commodity Futures Trading Commission ("CFTC" or "Commission") issued two proposed rules on December 18, 2023, both of which are now open for public comment. The first proposed rule would create an "Operational Resilience Framework for Futures Commission Merchants, Swap Dealers, and Major Swap Participants" ("Operational Resilience Framework"). The second proposed rule ("Clearing Member Funds Proposal") would provide protections for clearing member funds and assets held by a derivatives clearing organization ("DCO"). In the same announcement, the CFTC also approved an order granting Bitnomial Clearinghouse LLC ("Bitnomial") registration as a DCO under Section 5b of the Commodity Exchange Act ("CEA").
The Operational Resilience Framework proposal would require that futures commission merchants, swap dealers, and major swap participants establish, document, implement, and maintain policies and procedures reasonably designed to identify, monitor, manage, and assess risks relating to information and technology security, third-party relationships, and emergencies or other significant disruptions to normal business operations.
The Operational Resilience Framework includes three required components for covered entities:
- An information and technology security program;
- A third-party relationship program; and
- A business continuity and disaster recovery plan ("BCDR" or "Business Continuity Plan") supported by broad requirements relating to governance, training, testing, and recordkeeping.
The Operational Resilience Framework would also require notification to the Commission and customers or counterparties of certain adverse incidents, activation of a covered entity's Business Continuity Plan, and any incident that could have adversely affected the confidentiality or integrity of such customer or counterparty's covered information. Notification of such incidents would have to be provided to the CFTC as "soon as possible but in any event no later than 24 hours" and to customers or counterparties "as soon as possible."
Notably, CFTC staff views the requirement that a firm maintain a "reasonably designed" Business Continuity Plan as "simply a more concrete expression of the CFTC's current expectations" rather than a departure from current standards. The standard is similar to what the SEC has proposed with Reg SCI. CFTC Commissioners Johnson, Pham, and Goldsmith Romero released statements in support of the Operational Resilience Framework. Commissioner Pham specifically requested comment on the definitions, third-party relationship program guidance, risk appetite, risk tolerance limits, annual attestations, and substituted compliance approach. Commissioner Goldsmith Romero also requested comments on whether the CFTC needs greater harmonization with bank regulators' rules and guidance, NFA guidance, and the proposed definition of a critical third-party service provider.
Clearing Member Funds Proposal
The Clearing Member Funds proposal would require that clearing members' funds be segregated from the DCO's own funds and held in a depository that acknowledges, in writing, that the funds belong to clearing members, not the DCO. In addition, the proposed rule would enable DCOs to hold customer and clearing member funds at certain foreign central banks subject to certain requirements. Beyond preventing the misuse of proprietary funds, the proposal is designed to help ensure that proprietary funds are appropriately protected should a DCO go bankrupt. DCOs will also be required to conduct a daily calculation and reconciliation of the amount of funds owed to customers and clearing members and the amount actually held for customers and clearing members. CFTC staff believes these requirements will promote sound risk management principles for DCOs. Commissioners Benham, Johnson, and Pham all released statements in support of the proposal. Commissioner Johnson is seeking comments regarding the reporting of DCO reconciliations. Commissioner Pham also requested comments on whether there are any operational reasons for the account distinction in the current rules.
The CFTC also approved an order granting registration to Bitnomial as a DCO under Section 5b of the CEA. Subject to the terms and conditions of the order, Bitnomial is now authorized to provide clearing services for futures and options on futures traded on a designated contract market ("DCM"), such as their parent company, Bitnomial Exchange LLC. Chair Benham and Commissioner Johnson released statements in support of the order. In Commissioner Johnson's statement, she again advocated for the CFTC to initiate a rulemaking process directly addressing the concerns arising due to vertically integrated market structures. Commissioner Goldsmith Romero released a dissenting statement on the order. Her dissent expressed concern with vertically integrated market structures, particularly in digital assets where the systemic, contagion, and anti-competitive risks have not been analyzed.
The comment period for the Operational Resilience Framework proposal will be open until March 2, 2024, and for the Clearing Member Funds Proposal until February 16, 2024.Comments may be submitted through the CFTC's online public comments portal. Our commodities and cybersecurity lawyers can assist with preparing comments and can provide consultation on compliance with these proposed rules.
 See also NFA Rule 2-38 (requiring BCDR plans be “reasonably designed”).
 See SEC Proposes Host of New Rules for Data Security, Cybersecurity, and IT Resilience, available at SEC Proposes Host of New Rules for Data Security, Cybersecurity, and IT Resilience | Davis Wright Tremaine (dwt.com).
 See also Kristin N. Johnson, Commissioner, CFTC, Statement Calling for the CFTC to Initiate a Rulemaking Process for CFTC-Registered DCOs Engaged in Crypto or Digital Asset Clearing Activities (May 30, 2023), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement053023.