On September 10, 2020, the Commodity Futures Trading Commission (the CFTC) issued a new guidance memorandum outlining factors that the Division of Enforcement (the division) will consider when evaluating compliance programs in connection with actions it brings. The memo follows the guidance that the CFTC issued in May 2020 laying out factors to determine civil penalties in enforcement actions. Together, these steps demonstrate the CFTC’s recent efforts to promote the transparency of its examination and enforcement strategies and reaffirm the CFTC’s commitment to compliance.
The May 2020 guidance instructs the division to take a three-pronged approach when determining the appropriate civil monetary penalty to recommend to the CFTC: (1) the gravity of the violation; (2) mitigating and aggravating circumstances; and (3) other considerations. As part of the consideration of mitigating and aggravating circumstances surrounding a violation, the guidance directs the division to evaluate the “[e]xistence and effectiveness of the company’s pre-existing compliance program” and whether the respondent engaged in efforts to improve its compliance program following the discovery of a violation. Other factors include the extent and timeliness of the respondent’s cooperation and remediation; whether the respondent self-reported the misconduct or engaged in any acts of concealment, obstruction, or prior misconduct; the pervasiveness of misconduct within the company; and the nature of any disciplinary action taken by the respondent concerning individuals engaged in the misconduct.
The September 10 guidance builds on that instruction and outlines the factors that the division should consider when evaluating compliance programs in the context of determining civil monetary penalties and non-monetary terms of a resolution. The memorandum directs the division to consider, among other things, whether a company that has engaged in violations of the Commodity Exchange Act (CEA) or CFTC regulations has, at the time of the offense, adopted a compliance program that was reasonably designed to achieve three goals:
To prevent the misconduct — In evaluating this factor, the division will examine the program’s:
-
Written policies and procedures;
-
Staff and supervisor training;
-
Failure to cure previously identified deficiencies;
-
Adequacy of resources; and
-
Independence from its business function.
To detect the misconduct — This factor directs the division to evaluate the program’s:
-
Internal surveillance and monitoring;
-
Handling of internal complaints, including whistleblower protection; and
-
Procedures for identifying and evaluating unusual or suspicious activity.
To remediate the misconduct — In evaluating this factor, the division will consider whether appropriate action was taken in a sufficient and timely manner to:
-
Effectively address any impact of the instant misconduct, including efforts made to mitigate and cure any financial harm to others and restore integrity to the relevant markets;
-
Discipline individuals directly or indirectly responsible for the misconduct; and
-
Identify and address any deficiencies that may have contributed to a failure to prevent or quickly detect the misconduct.
The CFTC adopted a principle-based approach with few specifics, rather than a strictly rules-based approach, recognizing that a compliance program fit for one company may not be a fit for another. Instead, the CFTC emphasized that companies should take a risk-based approach and implement compliance policies and procedures that address the individual company’s specific risks. Steps taken by a company that is the subject of an enforcement investigation to improve its compliance program is one of the mitigating factors that the division will consider when recommending a civil resolution and could lessen the severity of penalties for companies with violations.
Even more notable is the CFTC’s acknowledgement that the fact that a company already has a compliance program in place that is (a) tailored to its specific risk factors, (b) implements specific policies and procedures to prevent misconduct, and (c) trains company employees to comply with the CEA and CFTC regulations, is likely to lessen penalties for the company if and when a violation does occur. Accordingly, the ideal time to focus on ensuring that a company has an effective compliance program is before problems arise.
The CFTC’s newest guidance provides a helpful checklist for companies to evaluate their compliance programs and highlights the importance of having a compliance program that companies periodically re-evaluate and update to address any deficiencies or additional risk factors that may have arisen.
It is also noteworthy that the CFTC is joining the approach of other U.S. enforcement agencies with jurisdiction over companies that are required to comply with commodities or securities laws, including the Department of Justice and the Securities and Exchange Commission. This will be especially helpful when companies are engaged in resolving issues that span multiple agencies and involve CFTC-regulated activities. A synchronous approach means that companies are more likely to see similar benefits across enforcement agencies and will be motivated to implement necessary changes, thereby creating more compliant companies and minimizing misconduct.