The first few years after the signing of the Dodd-Frank Act, the the narrative was all about the future – how an estimated 400 rulemakings would be implemented and how participants would be affected.
The future is here, as financial entities begin grappling with the new regulations. One such newly-implemented rule requires swap dealers, major swap participants (SD/MSPs) and futures commission merchants (FCMs) to undergo risk management program reviews. If you are keeping score at home, the SD/MSP reviews are required under CFTC Reg. 23.600 and for FCMs, it is CFTC Reg. 1.11.
It is important to note that these reports do not need to be filed with CFTC, but must adhere to the commission’s document retention rules, generally five years, and the commission has the right to check to see if the reports have been done annually. In other words, a firm can sidestep its responsibilities so long as it does not get spot-checked by the commission, which means the reviews had better be done, be done properly, and be documented as such.
Jim Falvey, veteran derivatives attorney, now a regulatory compliance manager at McGladrey, was part of a team that just completed such a review, for a U.S. swap dealer, and he shares a few of his insights from the front lines. He says that the clock starts ticking based on the end of an entity’s fiscal year, and the annual report must be completed no later than 60 days after the end of the fiscal year. Though the regulations do not require the use of a third party such as McGladrey to conduct the annual review and testing, if a third party is not used, it should be done by “qualified internal audit staff that are independent.”
So, what is involved in a review? According to Falvey, the process includes an assessment to determine whether policies and procedures are reasonable and consistent with CFTC regulations, as well as whether the firm is adhering to those policies and procedures. Areas under review for a SD/MSP would include market risk, credit risk, liquidity risk, foreign currency risk, legal risk, operational risk and settlement risk. FCMs have similar areas that are required to be reviewed, including segregation, technology risk and capital. “Plus,” he says, “it must be distributed to the firm’s chief compliance officer, senior management and the governing body for the SD, MSP or FCM.”
In reviewing the review, so to speak, Falvey offers up a few tips and suggestions for firms affected by the new rules. “Initially,” he says, “I would caution market participants to ensure that the reviewer is independent under the rules or a qualified third party should be engaged to perform such reviews.”
He also reminds firms to make sure the right people, whether internal or external, are selected to do the job. “A well-designed testing program will involve an understanding of the business units, robust procedures to address the relevant regulations and business needs and most importantly, frequent communication with key stakeholders to avoid surprises,” says Falvey. He says the process involves interviews with key people, as well as an exhaustive review, analysis and cataloguing of documents, both paper and electronic.
Finally, the reviewers should present key findings to key company personnel, and ensure that any finding that demonstrates a lack of compliance should be remediated as soon as possible.
Swap dealers, MSPs and FCMs are making their way through the process, and firms such as McGladrey assist not only as a third party reviewer, but also by developing industry best practices. Once we get a handle on the dealer risk management review and testing rule, we can tackle the other 399 Dodd-Frank rulemakings.