Guest commentary by Jim Falvey.
Jim Falvey, general counsel for Green Key Technologies, has been an attorney in the derivatives space for over 15 years. He has served as general counsel of Eurex US and IntercontinentalExchange, as assistant general counsel for CME Group and, more recently, as general counsel and corporate secretary of R.J. O’Brien & Associates, a Chicago-based futures commission merchant.
Fifteen years ago
Before discussing Commodity Futures Trading Commission (“CFTC”) record retention, voice recording and disaster recovery rules, I think it’s worth reviewing the downside of not complying with these rules up front. Based on my experience, I strongly recommend that market participants get in front of these requirements or else they could find themselves in the undesirable position I was in about 15 years ago. Around that time the Internet and email were the latest cool tools for businesses (so new, in fact, that they still had that proverbial “shiny new car smell” to them).
It was clear then, as it is now, that each party to a lawsuit and/or in an administrative proceeding (including responding to a subpoena) had to turn over all documents to each other. This process is typically referred to as “discovery.” When presented with the question whether electronic data (e.g., emails) counted as “documents,” the courts ruled that there was no exception for the file format of the data/document. As such, emails, IMs, chats, Microsoft office documents, etc., all fell under the broad definition of “documents” that had to be turned over to a counterparty at the expense of the party providing the documents.
At that time, I worked for a large company that produced a lot of documents – electronic and otherwise. Given some misunderstanding on the part of a U.S. Attorney’s office, an investigation began into a specific event at the company. As a part of this investigation, the FBI and other government agents raided the company’s headquarters. They took every document they could find. Then, they looked at us and said, “We need your emails too.” We had no idea how much time and money that this request was going to cost us.
We pulled together a cross-functional team from IT, Legal, Operations, Administration and a few other groups. We also had to retain several outside IT experts to figure out how to get this data off of back-up tapes and/or the current system, search it for relevant inquiries and then produce it. There were only a couple of expert firms doing this sort of work at the time and none of them had seen this size of a request. We were the unfortunate guinea pigs.
Because there was no way to effectively search the data, we ended up manually reviewing over 10 million emails and spending millions of dollars to comply with this legally-mandated request. We had to retain 60 contract attorneys to sit at 60 computer screens and view emails several hours a day to try to find anything responsive. It took over 6 months to go through all of the data.
Ultimately, there was no smoking gun in the electronic data or otherwise. As loud as the Government investigation had begun, they were just as quiet in going away acknowledging that there was nothing to prosecute. Oops. Sorry about that good corporate citizen. The result was good for the company, obviously, but it had been incredibly frustrating, time consuming and expensive to get that good result.
Enter Dodd-Frank – Record Retention
One of the key goals of Dodd-Frank is transparency, i.e., shining a flashlight on the previously “dark” corner of the market known as “over-the-counter” (“OTC”). Aside from requiring trading through a Swap Execution Facility (“SEF”) or a Designated Contract Market (“DCM”) and clearing trades through Derivatives Clearing Organizations (“DCOs”), all OTC transactions must be reported to Swap Data Repositories (“SDRs”). More than that, however, the regulators have made clear that most market participants, including Futures Commission Merchants (“FCMs”) and Introducing Brokers (“IBs”) must keep their data for various periods of time up to five years, depending on the type of data (discussed below).
While virtually all market participants must comply with record retention rules of some sort, including DCMs, DCOs, SDRs, SEFs, Swap Dealers (“SDs”) and Major Swap Participants (“MSPs”), the focus of this article is on FCMs and IBs. Also, if an entity has a requirement to retain records under the Commodity Exchange Act (“CEA”) or under CFTC rules, it is not exempt from maintaining its own records even if it knows that another market participant is keeping those same records. So, even though an FCM may keep most of an IB’s records, the IB cannot rely on that to comply with CFTC rules. The IB can, however, enter into an agreement with a third party to retain its documents, including voice recordings and electronic files.
The newly amended rules, CFTC Regulations 1.31 and 1.35, require that non-oral records be kept for five years by, among others, FCMs and IBs. Such market participants must keep their written records for five years from the date created, with the records “readily accessible” for the first two years. For any data relating to an execution of a swap transaction, Rule 1.31 states that the records shall be kept for a period of five years after the swap expires, matures, is transferred or assigned. Rule 1.35 makes clear that the written records must be “kept in a form and manner identifiable and searchable by transaction.”
FCMs and IBs are required to keep a broad range of documents. As stated in Rule 1.35:
Each futures commission merchant…shall keep full, complete, and systematic records, which include all pertinent data and memoranda, of all transactions relating to its business of dealing in commodity interests and related cash or forward transactions.
The Rule goes on to identify various documents that fall under this definition, but the list is not exhaustive. So, for example, the CFTC expects firms to retain all orders (filled, unfilled or canceled), trading cards, signature cards, street books, journals, ledgers, canceled checks, copies of confirmations, bids, offers, instructions, trading data, market data, quotes, copies of statements of purchase and sale, and all other records that were prepared in the course of commodity business (or anything that led to the execution of a transaction).
Notably, this rule (1.35) includes “cash or forward transactions,” which is meant to include a “purchase or sale for immediate or deferred physical shipment or delivery of an asset related to a commodity interest transaction where…[such position] is used to hedge, mitigate the risk of, or offset one another.” This provision is one area where outgoing Chairman Gensler has exerted jurisdiction and control over the cash markets. I expect this trend to continue, i.e., the CFTC monitoring the cash/spot markets much closer post-Dodd-Frank.
Another new item under Rules 1.31 and 1.35 is the requirement that all phone conversations be recorded – and that the recording be maintained for a one year period. There is no getting around this rule by attempting to use email, text, facsimile, instant messaging, chat rooms, etc. The Rule specifically states that documents created in those formats must be retained too.
Like other data (of the written variety), the recording must be maintained in a way so that it’s quick and easy to track down any particular transaction. Ideally, it would be valuable if such a recording system allowed a firm to search the voice file (typically a .wav) for key words, so that a firm does not have to experience my nightmare from 15 years ago when such technology did not exist.
Lastly, the effective date for the oral recording to be in place at FCMs and IBs is December 21, 2013. The rules for written data are currently active.
In light of Hurricane Sandy, many firms have focused on their business continuity planning. Brokers (and their customers) cannot miss weeks of business because of an inability to get to the office – no matter what the reason. Accordingly, in the wake of the one-year anniversary of Hurricane Sandy, the Securities & Exchange Commission, FINRA and the CFTC came together and issued a joint notice concerning disaster recovery/business continuity a couple of weeks ago (the “Joint Notice”).
Aside from making good suggestions for firms to consider, such as relying more on remote access to one’s files and data, setting up alternative locations, determining what vendors are doing with business continuity and communicating the firm’s policies and plans, the Joint Notice reminds market participants that various rules and regulations may apply to them such that having a disaster recovery plan in place is required under law.
For example, the Chicago Mercantile Exchange and the National Futures Association enacted new requirements for the daily reporting of financial data beginning last year. Furthermore, in NFA Rule 2-38, the regulator requires all of its members (which includes, among others, IBs and FCMs) to have written business continuity and disaster recovery plans current and prepared for usage. Business continuity is one of the items on the NFA checklist for firms to review annually (and a regulatory audit item).
With careful planning, and efficient/effective use of technology, none of these requirements need to overwhelm market participants. Indeed, a number of these rules have been “on the books” for some time, but have only recently been focused on by the regulators post-Dodd-Frank, as well as post-Hurricane Sandy. The attention these rules have attracted is only going to grow and will not go away any time soon.