CFTC on Systems Security and Margin for Uncleared Swaps
Commodity
Futures Trading Commission
Open
Meeting – Proposals on Systems Security and Margin for Uncleared Swaps
Wednesday,
December 16, 2015
Key
Topics & Takeaways
- Margin Rule Far from
Perfect: Commissioner Giancarlo said that while the
final rule on margin for uncleared swaps had improved over the initial
proposal, it is still “far from perfect.”
- Inter-Affiliate
Requirements: CFTC staff said that for inter-affiliate
transactions, variation margin would be required daily but initial margin would
not be required except in certain circumstances, subject to certain conditions,
including requiring that CSEs have a centralized risk management program in
place to monitor and manage the risk associated with inter-affiliate swaps on a
group-wide basis.
- Anti-Evasion:
Chairman Massad said that inter-affiliate transactions are not outward facing
and that they do not increase the overall risk exposure of the consolidated
enterprise to third parties. He further stated his belief that the treatment of
inter-affiliate transactions in the rule does not create “loopholes,” given
strong anti-evasion requirements, among other aspects of the release.
- Cross-Border Rule
Finalization: Chairman Massad said he hoped that the
CFTC’s proposal on the cross-border application of margin rules would be
finalized “early next year.”
-
Cybersecurity:
Commissioner Bowen expressed her support
for the two rule proposals on system safeguards to enhance cybersecurity, which
she claimed are necessary to ensure important data will not be compromised, as
well as to ensure the integrity of financial markets
Speakers
- Timothy G. Massad,
Chairman
- Sharon Y. Bowen,
Commissioner
- J. Christopher Giancarlo, Commissioner
- David Taylor, Division of Market
Oversight
- Julie Mohr, Division of Clearing and Risk
- Rachel Berdansky, Division of Market
Oversight
Opening Statements
In
his opening
remarks, Massad stated that the two proposed rules from the Division of
Market Oversight (DMO) and Division of Clearing and Risk (DCR) aim to improve
cybersecurity by mitigating technical or operational risk. Massad
explained that the Commission is focused on central counterparty (CCP)
resiliency in light of the vital role that they play in central clearing, as
well as automated trading (as indicated by the rule the Commission proposed a
few weeks ago), implementing the Dodd-Frank reforms, and fine-tuning rules
including with respect to SEF trading. In addition, moving forward the
Commission aims to improve and enhance swap data reporting requirements,
address SEF registrations, apply certain exemptions for SEF trading rules,
harmonize rules with European regulators and ensuring that markets work well
for commercial end-users.
Bowen expressed her support
for the two rule proposals on system safeguards to enhance cybersecurity, which
she claimed are necessary to ensure important data will not be compromised, as
well as to ensure the integrity of financial markets. Bowen explained that
system safeguards are necessary to protect against the “unrelenting onslaught”
of cyber attacks, and since markets are only as strong as the weakest link, she
argued that these rules will help establish a high baseline protection for CFTC
registrants.
In
regard to the final rule on margin for uncleared swaps, Bowen underscored the
importance of sophisticated risk management tools, including margin
requirements. Bowen asserted that if margin had been exchanged for swaps in
2008, firms would have had the resources they needed to unwind some of their
“bad bets” that would have obviated the need for taxpayer bailouts. As such,
Bowen claimed that margin requirements are a “critical safeguard” to reduce
systemic risk and excessive leverage. She argued, however, that the final rule
is “inadequate” relative to the September 2014 proposed version, since it
exempts covered entities from collecting initial margin on certain
inter-affiliate transactions. Bowen claimed that the inter-affiliate
exemption was a “mistake” for three reasons: 1) she doubted that large
financial institutions can adequately understand where, and what, their risks
are, as differences of political, financial and legal systems make it difficult
to predict how risks will unfold across a global entity; 2) not requiring the
exchange of initial margin between affiliates removes a key safety feature from
the regulatory system;” and 3) it goes “against the spirit and arguably even
the text of the Dodd-Frank Act” since it seems to be “a return to blindly
trusting” financial firms’ abilities to manage their own risk.
Commissioner Christopher Giancarlo
Giancarlo
maintained that cybersecurity is “one of the most important issues facing
markets today” in terms of financial integrity and financial stability.
He expressed his support
for the proposals since they generally reflect his preferred bottom-up
approach, directing firms to adopt industry best practices. However,
Giancarlo expressed concern that the new rules would impose additional costs on
SEFs while they are already “struggling” to adhere to existing requirements
under the Dodd-Frank Act. As such, he called on the Commission to alleviate
unnecessary compliance costs by correcting “flawed” swaps trading rules to
ensure SEFs have sufficient resources to devote to cybersecurity – which he
argued is a key “battleground” for 21st century markets.
On
margin requirements, Giancarlo explained that while the
final rule had improved over the initial proposal, it was “far from
perfect”. Giancarlo defended the decision to exempt initial margin
requirements from inter-affiliate transactions, as he believes such
transactions do not pose systemic risk and instead are an “important risk
management tool” for corporate groups. Referencing his Congressional
testimony from earlier this year, Giancarlo argued that imposing margin on
inter affiliate swaps would actually “increase risk of systemic hazard” in U.S.
financial markets. He further questioned the “superficial logic” that
increasing costs of uncleared swaps would force central clearing, and instead
explained that no amount of “punitive cost” will enable certain products to be
cleared if a clearinghouse is not willing to clear a particular swap. Rather,
Giancarlo argued that such “punitive levels of margin” will raise the cost of
commercial hedging, reduce trading liquidity in uncleared swaps markets, and
induce movement of products unsuitable for clearing into clearinghouses in
which concentration risks is already magnified.
Staff Proposal
David Taylor, Division of Market Oversight
To
ensure the reliability, security and capacity of systems, Taylor explained that
the proposed rule requires all derivatives clearing organizations (DCOs), swap
data repositories (SDRs) and covered designated contract markets (DCMs) to
implement: 1) vulnerability testing; 2) penetration testing; 3) controls testing;
4) security incident response plan testing, and (5) enterprise risk technology
assessment. Taylor explained that the proposed rules clarify what is
already required of CFTC registered firms, establish minimum testing frequency,
and apply independent contractor testing requirements for all covered entities.
Taylor foreshadowed that the proposed rule also includes an advanced notice of
proposed rulemaking to receive public input on whether the Commission should
apply these requirements to certain SEFs, as well.
Julie Mohr, Division of Clearing and Risk
Mohr
explained that vulnerability testing requirements would require DCMs, SEFs,
SDRs, and DCOs to remain cognizant that external entities are “constantly
probing its defenses” and that interconnections between software and hardware
can be exploited by intruders. She added that the vulnerability testing
requirements are aligned with the existing industry best practices and
standards, such as National Institute of Standards and Technology (NIST)
Framework, the cybersecurity standards set by the Federal Financial
Institutions Examination Council (FFIEC), and others. Mohr explained that
the proposed rules require vulnerability testing at a frequency determined by
an “appropriate risk analysis,” but no less than quarterly. Further, she
added that the proposed rules require vulnerability testing to be performed by
independent contractors during at least two of the quarterly tests to provide a
“fresh, external perspective.”
David
Taylor, Division of Market Oversight
Taylor
added that the controls testing requirement aims to ensure the reliability,
security and capacity of automated systems, as well as confidentiality,
integrity and availability of data and information. The proposed rules also
establish a minimum frequency, whereby controls testing should be conducted no
less than every two years or as determined by an appropriate risk-based
analysis.
Taylor
explained that the proposed security incident response plan (SIRP) testing
requirements are “crucial to cyber resilience” since they help identify,
respond to, mitigate and recover from security incidents. For instance,
he explained that table top exercises, simulations or other comprehensive
exercises would help fulfill the SIRP requirement.
Finally,
proposed rules require firms to conduct enterprise technology risk assessments
(ETRAs) and develop a written assessment including analysis of threats and
vulnerabilities at least annually, or as often as indicated by an appropriate
risk-based analysis. The ETRA requirement must be fulfilled either using
independent contractors, or using employees not responsible for developing or
operating the systems or capabilities being assessed, he explained.
Julie
Mohr, Division of Clearing and Risk
Mohr
reiterated that the proposed rules clarify existing CFTC rules concerning risk
analysis and oversight, books and record obligations, the scope of system
safeguards testing, internal reporting, and review of testing results, and the
remediation of vulnerabilities and deficiencies disclosed by the testing.
The
scope of testing, she explained, is broad to include testing of automated
systems and controls necessary to identify any vulnerability (which if
exploited) could enable an intruder to: 1) interfere with registrant’s
operations or fulfillment of statutory or regulatory responsibilities; 2)
impair or degrade the reliability, security, or capacity of the registrant’s
automated systems; 3) add to, delete, or otherwise compromise the integrity of
any data related to the registrant’s regulated activities; or 4) undertake any
unauthorized action affecting the registrant’s regulated activities.
Finally, she explained that the proposed rules require testing results to be
reported to and reviewed by senior management and the board of directors.
Comments and Questions
Bowen
asked whether the staff intended to propose rules extending system safeguards
and testing requirements to other market participants such as futures commodity
merchants, brokers, and major swap participants. Rachel
Berdansky, Division of Market Oversight, indicated that such a decision
falls under the remit of the Division of Swap Dealer and Intermediary
Oversight. However, she added that the National Futures Association (NFA)
adopted a rule in November 2015 that directs FCMs, swap dealers and major swap
participants, brokers, and commodity pool operators to develop information
systems security programs (“ISSPs”), which includes requirements to
conduct security and risk analysis, implement safeguards against identified
threats and vulnerabilities, and ongoing testing and personnel training
obligations.
Giancarlo
added that he encourages the public to read his written
statement on these proposed rules.
Massad
voiced his support for the proposed systems safeguard rules, adding that the
risk of cyber attacks is the most important single issue facing financial
market stability and integrity. Further, he claimed that failure in one
institution due to cyber breaches can have “significant repercussions” in light
of the interconnectedness of financial institutions. With respect to the scope,
Massad explained that he originally did not expect the proposed rule to apply
to SEFs, since they are in the early stages of operation. However, he
noted that the proposed rule does apply to SEFs particularly in response to his
fellow Commissioners’ influence.
Vote
The
Commissioners unanimously
approved the motions to adopt the DCR’s and DMO’s proposed rules on system
safeguards and testing requirements.
Staff Presentation – Margin for Uncleared Swaps
John
Lawton, CFTC Division of Clearing and Risk, explained that the final rule
applies to swap dealers (SD) and major swap participants (MSP) that are not
subject to regulation by one of the prudential regulators, “covered swap
entities” (CSEs), and that CFTC staff consulted with the Securities and Exchange
Commission (SEC), prudential regulators, and international regulators when
writing the rule. He noted that the rule imposes margin requirements on trades
between CSEs and any other SD or MSP, as well as trades between a CSE and
financial end users, highlighting that commercial end users would be exempt.
He
elaborated that the rule requires two way initial margin, posting and
collecting, on a daily basis for trades between a CSE and SD or MSP, as well as
trades between a CSE and financial end user that has over $8 billion in gross
notional uncleared swaps exposure, noting that this threshold was increased
from the $3 billion figure in the proposal, aligning with prudential regulator
and other global requirements.
Lawton
said that daily payment of variation margin would be required for trades
between a CSE and an SD, MSP, or financial end-user, noting that the gross
notional threshold does not apply for variation margin.
He
continued that the rule permits calculation of initial margin to be based on a
standardized table or internal models that use a 99 percent confidence level
over a 10 day liquidation period, while permitting establishment of a $50
million threshold below with initial margin exchange would not be required. He
added that the rule allows margin models to be approved by a registered futures
association.
Acceptable
collateral for initial margin, Lawton said, is the same as that allowed by the
prudential regulators and includes cash, sovereign debt, certain government
sponsored debt, investment grade debt, certain equities, shares of certain
money market funds, and gold. Variation margin, however, would need to be in
cash for dealer to dealer trades, but trades between dealers and financial
end-users could use the any of the types of collateral allowed for initial
margin, he explained.
Lawton
then noted that initial margin must be held in an independent custodian and is
not permitted to be rehypothecated.
On inter-affiliate transactions, Lawton said that variation
margin would be required daily but that initial margin would not be required
except in certain circumstances, such as when an affiliate does not collect
margin on an outward facing swap and then does a swap with a CSE, and subject
to certain conditions, including requiring that CSEs have a centralized risk
management program in place to monitor and manage the risk associated with
inter-affiliate swaps on a group-wide basis.
The
implementation schedule, Lawton explained, would be phased-in in five steps for
initial margin, beginning September 1, 2016 for the largest institutions and
ending September 1, 2020 for the smallest. Variation margin, he said, would be
phased-in in two steps beginning in September 2016 and ending March 2017.
Comments and Questions
Commissioner
Bowen
Bowen
asked how many trades in the market are “inter-affiliate trades.” Lawton said
that according to SDR data, inter-affiliate trades represent about 50 percent
of the market for interest rate and credit default swaps, though staff
clarified that this estimate was an “upper-bound” and that the inter-affiliate
transactions which would be exempt from IM requirements would be a subset of
this.
Bowen
then asked if the rule would provide incentives for dealers to increase the
number of uncleared trades they engage in. Lawton replied that since these
firms are not required to post initial margin now, the status quo will likely
be maintained once the rule is in place. He added that since prudential
regulators require inter-affiliate initial margin in some instances, however,
there may be movement of inter-affiliate transactions from prudentially
regulated entities to CFTC regulated entities.
Bowen
noted that some dealers already require collateral for inter-affiliate trades
and asked if the rule would be a lower threshold. Lawton agreed that some
institutions may be following a higher standard.
Bowen
then asked if institution would be better positioned in a crisis if they had
collected initial margin. Lawton noted that variation margin still needs to be
posted daily to prevent build up of risk, though if an institution collected
additional collateral it “would certainly help them.”
Bowen
asked if it is practicable to have CFTC regulated dealers not collect initial
margin from affiliates given the rule from the prudential regulators different
treatment. Lawton said that the statute contemplated that the rules of the CFTC
and the prudential regulators would not necessarily be identical and that any
differences reflect differences in the “general statutory scheme.”
Bowen
then asked how the rule works with the cross-border margin proposal. Paul
Schlichting, CFTC Office of General Counsel, said that the rule would be an
“overlay” of the cross-border proposal but that the CFTC may have to re-examine
the cross-border rule based on the final uncleared margin
rule.
Bowen
then noted there have been concerns in the cross-border space about
de-guaranteeing and asked if this is still a concern given that no margin will
need to be collected. Schlichting explained that the rule states that if
an entity is a foreign consolidated subsidiary it will still have to collect
margin on outward facing swaps and that guaranteeing is “separate and distinct”
from that.
Commissioner
Giancarlo
Giancarlo
supported the increase in the gross notional exposure threshold, saying it
brings the rule in line with international standards.
However,
he disagreed with the definition of financial end-user, saying it is
“overly-broad” and includes entities that are unlikely to act as counterparties
to swaps, such as floor brokers, introducing brokers, and futures commission
merchants acting on the behalf of customers.
Giancarlo
also objected to the 10 day liquidation period required for initial margin
models, saying it is a “made up number” and is not related to the true
liquidity profile of underlying swaps instruments.
Giancarlo
then raised concern about the cross-border implications of the rules, stressing
that regulators must avoid further fragmenting markets by imposing “another
regulatory framework that is inconsistent, confusing, or burdensome.”
Chairman
Massad
Massad
clarified that when staff was talking about not requiring initial margin on
inter-affiliate swaps they are only referring to swaps between consolidated
affiliates and that if there is less than 50 percent ownership than it is not
affiliated and is treated as a third party swap. He also noted that the
application of margin rules does not “turn on” whether there is a guarantee,
but rather depends on whether the entity is consolidated, thus margin
requirements for inter-affiliates is “unrelated” to the application of the
cross-border rule and the de-guaranteeing issue.
Massad
also highlighted that there are many inter-affiliate transactions other than
swaps, such as overhead allocation, sharing IT and leases, and working capital
arrangements that the CFTC does not regulate and that if there are concerns
with internal risk management activities occurring in a consolidated
enterprise, “let’s address them directly.”
He also noted that the prudential regulators’
situation is different because federal law already requires that when an
insured depository institution (IDI) engages in an inter-affiliate transaction,
the transaction must be fair to the IDI, and in many cases must also collect
collateral. Massad said that differences in the Commission’s views do not
reflect differences in level of concern about the safety of the system but
rather are differences in analysis on the purpose of initial margin and what it
would accomplish, saying that inter-affiliate transactions are not outward
facing and that “they do not increase the risk, the overall risk exposure of
the consolidated enterprise to third parties.” Massad further stated his belief
that the treatment of inter-affiliate transactions in the rule does not create
“loopholes,” given strong anti-evasion requirements, among other aspects of the
release.
He noted that the proposal on the cross-border
application of the CFTC’s margin rule provides that any affiliate that is
consolidated with a U.S. parent is subject to requirements to collect margin
from third parties, “no matter where that affiliate is located and whether or
not it is guaranteed by the U.S. parent.” He added, “I’m hoping that we can
finalize that part of the rule early next year.”
Massad
also said that the rule is generally consistent with the rule adopted by the
commission in 2013 that exempted inter-affiliate transactions from the clearing
mandate, where the commission “explicitly considered whether to require initial
margin or variation margin in the context of inter-affiliate transactions at
that time and decided that it would not do so.” He said requiring initial
margin on these transactions would “effectively undercut the inter-affiliate
exemption from clearing.”
Vote
The
Commission voted 2-1 to approve the final rule on margin for uncleared swaps,
with Commissioner Bowen dissenting.
More
information about this event can be accessed here.
,Blog Tags:,Blog Categories:,Blog TrackBack:,Blog Pingback:No,Hearing Summaries Issues:Derivatives,Hearing Summaries Agency:SEC,Publish Year:2015
Commodity
Futures Trading Commission
Open
Meeting – Proposals on Systems Security and Margin for Uncleared Swaps
Wednesday,
December 16, 2015
Key
Topics & Takeaways
- Margin Rule Far from
Perfect: Commissioner Giancarlo said that while the
final rule on margin for uncleared swaps had improved over the initial
proposal, it is still “far from perfect.”
- Inter-Affiliate
Requirements: CFTC staff said that for inter-affiliate
transactions, variation margin would be required daily but initial margin would
not be required except in certain circumstances, subject to certain conditions,
including requiring that CSEs have a centralized risk management program in
place to monitor and manage the risk associated with inter-affiliate swaps on a
group-wide basis.
- Anti-Evasion:
Chairman Massad said that inter-affiliate transactions are not outward facing
and that they do not increase the overall risk exposure of the consolidated
enterprise to third parties. He further stated his belief that the treatment of
inter-affiliate transactions in the rule does not create “loopholes,” given
strong anti-evasion requirements, among other aspects of the release.
- Cross-Border Rule
Finalization: Chairman Massad said he hoped that the
CFTC’s proposal on the cross-border application of margin rules would be
finalized “early next year.”
-
Cybersecurity:
Commissioner Bowen expressed her support
for the two rule proposals on system safeguards to enhance cybersecurity, which
she claimed are necessary to ensure important data will not be compromised, as
well as to ensure the integrity of financial markets
Speakers
- Timothy G. Massad,
Chairman
- Sharon Y. Bowen,
Commissioner
- J. Christopher Giancarlo, Commissioner
- David Taylor, Division of Market
Oversight
- Julie Mohr, Division of Clearing and Risk
- Rachel Berdansky, Division of Market
Oversight
Opening Statements
In
his opening
remarks, Massad stated that the two proposed rules from the Division of
Market Oversight (DMO) and Division of Clearing and Risk (DCR) aim to improve
cybersecurity by mitigating technical or operational risk. Massad
explained that the Commission is focused on central counterparty (CCP)
resiliency in light of the vital role that they play in central clearing, as
well as automated trading (as indicated by the rule the Commission proposed a
few weeks ago), implementing the Dodd-Frank reforms, and fine-tuning rules
including with respect to SEF trading. In addition, moving forward the
Commission aims to improve and enhance swap data reporting requirements,
address SEF registrations, apply certain exemptions for SEF trading rules,
harmonize rules with European regulators and ensuring that markets work well
for commercial end-users.
Bowen expressed her support
for the two rule proposals on system safeguards to enhance cybersecurity, which
she claimed are necessary to ensure important data will not be compromised, as
well as to ensure the integrity of financial markets. Bowen explained that
system safeguards are necessary to protect against the “unrelenting onslaught”
of cyber attacks, and since markets are only as strong as the weakest link, she
argued that these rules will help establish a high baseline protection for CFTC
registrants.
In
regard to the final rule on margin for uncleared swaps, Bowen underscored the
importance of sophisticated risk management tools, including margin
requirements. Bowen asserted that if margin had been exchanged for swaps in
2008, firms would have had the resources they needed to unwind some of their
“bad bets” that would have obviated the need for taxpayer bailouts. As such,
Bowen claimed that margin requirements are a “critical safeguard” to reduce
systemic risk and excessive leverage. She argued, however, that the final rule
is “inadequate” relative to the September 2014 proposed version, since it
exempts covered entities from collecting initial margin on certain
inter-affiliate transactions. Bowen claimed that the inter-affiliate
exemption was a “mistake” for three reasons: 1) she doubted that large
financial institutions can adequately understand where, and what, their risks
are, as differences of political, financial and legal systems make it difficult
to predict how risks will unfold across a global entity; 2) not requiring the
exchange of initial margin between affiliates removes a key safety feature from
the regulatory system;” and 3) it goes “against the spirit and arguably even
the text of the Dodd-Frank Act” since it seems to be “a return to blindly
trusting” financial firms’ abilities to manage their own risk.
Commissioner Christopher Giancarlo
Giancarlo
maintained that cybersecurity is “one of the most important issues facing
markets today” in terms of financial integrity and financial stability.
He expressed his support
for the proposals since they generally reflect his preferred bottom-up
approach, directing firms to adopt industry best practices. However,
Giancarlo expressed concern that the new rules would impose additional costs on
SEFs while they are already “struggling” to adhere to existing requirements
under the Dodd-Frank Act. As such, he called on the Commission to alleviate
unnecessary compliance costs by correcting “flawed” swaps trading rules to
ensure SEFs have sufficient resources to devote to cybersecurity – which he
argued is a key “battleground” for 21st century markets.
On
margin requirements, Giancarlo explained that while the
final rule had improved over the initial proposal, it was “far from
perfect”. Giancarlo defended the decision to exempt initial margin
requirements from inter-affiliate transactions, as he believes such
transactions do not pose systemic risk and instead are an “important risk
management tool” for corporate groups. Referencing his Congressional
testimony from earlier this year, Giancarlo argued that imposing margin on
inter affiliate swaps would actually “increase risk of systemic hazard” in U.S.
financial markets. He further questioned the “superficial logic” that
increasing costs of uncleared swaps would force central clearing, and instead
explained that no amount of “punitive cost” will enable certain products to be
cleared if a clearinghouse is not willing to clear a particular swap. Rather,
Giancarlo argued that such “punitive levels of margin” will raise the cost of
commercial hedging, reduce trading liquidity in uncleared swaps markets, and
induce movement of products unsuitable for clearing into clearinghouses in
which concentration risks is already magnified.
Staff Proposal
David Taylor, Division of Market Oversight
To
ensure the reliability, security and capacity of systems, Taylor explained that
the proposed rule requires all derivatives clearing organizations (DCOs), swap
data repositories (SDRs) and covered designated contract markets (DCMs) to
implement: 1) vulnerability testing; 2) penetration testing; 3) controls testing;
4) security incident response plan testing, and (5) enterprise risk technology
assessment. Taylor explained that the proposed rules clarify what is
already required of CFTC registered firms, establish minimum testing frequency,
and apply independent contractor testing requirements for all covered entities.
Taylor foreshadowed that the proposed rule also includes an advanced notice of
proposed rulemaking to receive public input on whether the Commission should
apply these requirements to certain SEFs, as well.
Julie Mohr, Division of Clearing and Risk
Mohr
explained that vulnerability testing requirements would require DCMs, SEFs,
SDRs, and DCOs to remain cognizant that external entities are “constantly
probing its defenses” and that interconnections between software and hardware
can be exploited by intruders. She added that the vulnerability testing
requirements are aligned with the existing industry best practices and
standards, such as National Institute of Standards and Technology (NIST)
Framework, the cybersecurity standards set by the Federal Financial
Institutions Examination Council (FFIEC), and others. Mohr explained that
the proposed rules require vulnerability testing at a frequency determined by
an “appropriate risk analysis,” but no less than quarterly. Further, she
added that the proposed rules require vulnerability testing to be performed by
independent contractors during at least two of the quarterly tests to provide a
“fresh, external perspective.”
David
Taylor, Division of Market Oversight
Taylor
added that the controls testing requirement aims to ensure the reliability,
security and capacity of automated systems, as well as confidentiality,
integrity and availability of data and information. The proposed rules also
establish a minimum frequency, whereby controls testing should be conducted no
less than every two years or as determined by an appropriate risk-based
analysis.
Taylor
explained that the proposed security incident response plan (SIRP) testing
requirements are “crucial to cyber resilience” since they help identify,
respond to, mitigate and recover from security incidents. For instance,
he explained that table top exercises, simulations or other comprehensive
exercises would help fulfill the SIRP requirement.
Finally,
proposed rules require firms to conduct enterprise technology risk assessments
(ETRAs) and develop a written assessment including analysis of threats and
vulnerabilities at least annually, or as often as indicated by an appropriate
risk-based analysis. The ETRA requirement must be fulfilled either using
independent contractors, or using employees not responsible for developing or
operating the systems or capabilities being assessed, he explained.
Julie
Mohr, Division of Clearing and Risk
Mohr
reiterated that the proposed rules clarify existing CFTC rules concerning risk
analysis and oversight, books and record obligations, the scope of system
safeguards testing, internal reporting, and review of testing results, and the
remediation of vulnerabilities and deficiencies disclosed by the testing.
The
scope of testing, she explained, is broad to include testing of automated
systems and controls necessary to identify any vulnerability (which if
exploited) could enable an intruder to: 1) interfere with registrant’s
operations or fulfillment of statutory or regulatory responsibilities; 2)
impair or degrade the reliability, security, or capacity of the registrant’s
automated systems; 3) add to, delete, or otherwise compromise the integrity of
any data related to the registrant’s regulated activities; or 4) undertake any
unauthorized action affecting the registrant’s regulated activities.
Finally, she explained that the proposed rules require testing results to be
reported to and reviewed by senior management and the board of directors.
Comments and Questions
Bowen
asked whether the staff intended to propose rules extending system safeguards
and testing requirements to other market participants such as futures commodity
merchants, brokers, and major swap participants. Rachel
Berdansky, Division of Market Oversight, indicated that such a decision
falls under the remit of the Division of Swap Dealer and Intermediary
Oversight. However, she added that the National Futures Association (NFA)
adopted a rule in November 2015 that directs FCMs, swap dealers and major swap
participants, brokers, and commodity pool operators to develop information
systems security programs (“ISSPs”), which includes requirements to
conduct security and risk analysis, implement safeguards against identified
threats and vulnerabilities, and ongoing testing and personnel training
obligations.
Giancarlo
added that he encourages the public to read his written
statement on these proposed rules.
Massad
voiced his support for the proposed systems safeguard rules, adding that the
risk of cyber attacks is the most important single issue facing financial
market stability and integrity. Further, he claimed that failure in one
institution due to cyber breaches can have “significant repercussions” in light
of the interconnectedness of financial institutions. With respect to the scope,
Massad explained that he originally did not expect the proposed rule to apply
to SEFs, since they are in the early stages of operation. However, he
noted that the proposed rule does apply to SEFs particularly in response to his
fellow Commissioners’ influence.
Vote
The
Commissioners unanimously
approved the motions to adopt the DCR’s and DMO’s proposed rules on system
safeguards and testing requirements.
Staff Presentation – Margin for Uncleared Swaps
John
Lawton, CFTC Division of Clearing and Risk, explained that the final rule
applies to swap dealers (SD) and major swap participants (MSP) that are not
subject to regulation by one of the prudential regulators, “covered swap
entities” (CSEs), and that CFTC staff consulted with the Securities and Exchange
Commission (SEC), prudential regulators, and international regulators when
writing the rule. He noted that the rule imposes margin requirements on trades
between CSEs and any other SD or MSP, as well as trades between a CSE and
financial end users, highlighting that commercial end users would be exempt.
He
elaborated that the rule requires two way initial margin, posting and
collecting, on a daily basis for trades between a CSE and SD or MSP, as well as
trades between a CSE and financial end user that has over $8 billion in gross
notional uncleared swaps exposure, noting that this threshold was increased
from the $3 billion figure in the proposal, aligning with prudential regulator
and other global requirements.
Lawton
said that daily payment of variation margin would be required for trades
between a CSE and an SD, MSP, or financial end-user, noting that the gross
notional threshold does not apply for variation margin.
He
continued that the rule permits calculation of initial margin to be based on a
standardized table or internal models that use a 99 percent confidence level
over a 10 day liquidation period, while permitting establishment of a $50
million threshold below with initial margin exchange would not be required. He
added that the rule allows margin models to be approved by a registered futures
association.
Acceptable
collateral for initial margin, Lawton said, is the same as that allowed by the
prudential regulators and includes cash, sovereign debt, certain government
sponsored debt, investment grade debt, certain equities, shares of certain
money market funds, and gold. Variation margin, however, would need to be in
cash for dealer to dealer trades, but trades between dealers and financial
end-users could use the any of the types of collateral allowed for initial
margin, he explained.
Lawton
then noted that initial margin must be held in an independent custodian and is
not permitted to be rehypothecated.
On inter-affiliate transactions, Lawton said that variation
margin would be required daily but that initial margin would not be required
except in certain circumstances, such as when an affiliate does not collect
margin on an outward facing swap and then does a swap with a CSE, and subject
to certain conditions, including requiring that CSEs have a centralized risk
management program in place to monitor and manage the risk associated with
inter-affiliate swaps on a group-wide basis.
The
implementation schedule, Lawton explained, would be phased-in in five steps for
initial margin, beginning September 1, 2016 for the largest institutions and
ending September 1, 2020 for the smallest. Variation margin, he said, would be
phased-in in two steps beginning in September 2016 and ending March 2017.
Comments and Questions
Commissioner
Bowen
Bowen
asked how many trades in the market are “inter-affiliate trades.” Lawton said
that according to SDR data, inter-affiliate trades represent about 50 percent
of the market for interest rate and credit default swaps, though staff
clarified that this estimate was an “upper-bound” and that the inter-affiliate
transactions which would be exempt from IM requirements would be a subset of
this.
Bowen
then asked if the rule would provide incentives for dealers to increase the
number of uncleared trades they engage in. Lawton replied that since these
firms are not required to post initial margin now, the status quo will likely
be maintained once the rule is in place. He added that since prudential
regulators require inter-affiliate initial margin in some instances, however,
there may be movement of inter-affiliate transactions from prudentially
regulated entities to CFTC regulated entities.
Bowen
noted that some dealers already require collateral for inter-affiliate trades
and asked if the rule would be a lower threshold. Lawton agreed that some
institutions may be following a higher standard.
Bowen
then asked if institution would be better positioned in a crisis if they had
collected initial margin. Lawton noted that variation margin still needs to be
posted daily to prevent build up of risk, though if an institution collected
additional collateral it “would certainly help them.”
Bowen
asked if it is practicable to have CFTC regulated dealers not collect initial
margin from affiliates given the rule from the prudential regulators different
treatment. Lawton said that the statute contemplated that the rules of the CFTC
and the prudential regulators would not necessarily be identical and that any
differences reflect differences in the “general statutory scheme.”
Bowen
then asked how the rule works with the cross-border margin proposal. Paul
Schlichting, CFTC Office of General Counsel, said that the rule would be an
“overlay” of the cross-border proposal but that the CFTC may have to re-examine
the cross-border rule based on the final uncleared margin
rule.
Bowen
then noted there have been concerns in the cross-border space about
de-guaranteeing and asked if this is still a concern given that no margin will
need to be collected. Schlichting explained that the rule states that if
an entity is a foreign consolidated subsidiary it will still have to collect
margin on outward facing swaps and that guaranteeing is “separate and distinct”
from that.
Commissioner
Giancarlo
Giancarlo
supported the increase in the gross notional exposure threshold, saying it
brings the rule in line with international standards.
However,
he disagreed with the definition of financial end-user, saying it is
“overly-broad” and includes entities that are unlikely to act as counterparties
to swaps, such as floor brokers, introducing brokers, and futures commission
merchants acting on the behalf of customers.
Giancarlo
also objected to the 10 day liquidation period required for initial margin
models, saying it is a “made up number” and is not related to the true
liquidity profile of underlying swaps instruments.
Giancarlo
then raised concern about the cross-border implications of the rules, stressing
that regulators must avoid further fragmenting markets by imposing “another
regulatory framework that is inconsistent, confusing, or burdensome.”
Chairman
Massad
Massad
clarified that when staff was talking about not requiring initial margin on
inter-affiliate swaps they are only referring to swaps between consolidated
affiliates and that if there is less than 50 percent ownership than it is not
affiliated and is treated as a third party swap. He also noted that the
application of margin rules does not “turn on” whether there is a guarantee,
but rather depends on whether the entity is consolidated, thus margin
requirements for inter-affiliates is “unrelated” to the application of the
cross-border rule and the de-guaranteeing issue.
Massad
also highlighted that there are many inter-affiliate transactions other than
swaps, such as overhead allocation, sharing IT and leases, and working capital
arrangements that the CFTC does not regulate and that if there are concerns
with internal risk management activities occurring in a consolidated
enterprise, “let’s address them directly.”
He also noted that the prudential regulators’
situation is different because federal law already requires that when an
insured depository institution (IDI) engages in an inter-affiliate transaction,
the transaction must be fair to the IDI, and in many cases must also collect
collateral. Massad said that differences in the Commission’s views do not
reflect differences in level of concern about the safety of the system but
rather are differences in analysis on the purpose of initial margin and what it
would accomplish, saying that inter-affiliate transactions are not outward
facing and that “they do not increase the risk, the overall risk exposure of
the consolidated enterprise to third parties.” Massad further stated his belief
that the treatment of inter-affiliate transactions in the rule does not create
“loopholes,” given strong anti-evasion requirements, among other aspects of the
release.
He noted that the proposal on the cross-border
application of the CFTC’s margin rule provides that any affiliate that is
consolidated with a U.S. parent is subject to requirements to collect margin
from third parties, “no matter where that affiliate is located and whether or
not it is guaranteed by the U.S. parent.” He added, “I’m hoping that we can
finalize that part of the rule early next year.”
Massad
also said that the rule is generally consistent with the rule adopted by the
commission in 2013 that exempted inter-affiliate transactions from the clearing
mandate, where the commission “explicitly considered whether to require initial
margin or variation margin in the context of inter-affiliate transactions at
that time and decided that it would not do so.” He said requiring initial
margin on these transactions would “effectively undercut the inter-affiliate
exemption from clearing.”
Vote
The
Commission voted 2-1 to approve the final rule on margin for uncleared swaps,
with Commissioner Bowen dissenting.
More
information about this event can be accessed here.