On September 10, 2020, the Commodity Futures Trading Commission (CFTC or Commission) announced the issuance of new, public, staff-level guidance by its Division of Enforcement (Division) that outlines factors to be considered when evaluating compliance programs in connection with enforcement matters. The guidance – the first of its kind issued by the Division – is slated to be published in the CFTC’s Enforcement Manual, and follows recent updates to the CFTC’s civil monetary penalty guidance.
The guidance also follows the trend of various U.S. enforcement authorities engaging in initiatives to provide greater transparency into their decision-making processes with respect to enforcement actions, and to encourage disclosure and cooperation. Indeed, according to CFTC Chairman Heath Tarbert, the goal is to highlight the Commission’s “commitment to transparency and clarity.” Division of Enforcement Director James McDonald also noted that the guidance is necessary because it will allow Division staff to evaluate corporate compliance programs “and companies seeking to cultivate a culture of compliance for their businesses.” The new guidance should therefore effectively advise firms on the benefits and risks of self-disclosure, particularly where the CFTC may seek to share enforcement jurisdiction with other agencies such as the Department of Justice (DOJ), which itself recently announced the creation of the Antitrust Division’s Office of Decree Enforcement and Compliance, which will be responsible for advising the Antitrust Division’s criminal sections when parties seek credit at the charging stage for their corporate compliance programs.
The CFTC made its Enforcement Manual public for the first time in May 2019. The purpose of the Manual is to be a general reference for Enforcement staff in the investigation and prosecution of potential violations of the Commodities Exchange Act (CEA) and CFTC regulations. This was a particularly crucial announcement noting the issuance of guidance on enforcement topics, such as cooperation and self-disclosure, just a few months prior. For example, in March 2019, the CFTC announced an Enforcement Advisory on self-reporting and cooperation for violations of the CEA involving foreign corrupt practices. The announcement was of particular import because it referenced coordination with other federal agencies, such as the DOJ Criminal Division. At the time of the announcement, Brian Benczkowski, then-Assistant Attorney General of the DOJ’s Criminal Division, noted that the “CFTC’s Advisory on self-reporting and cooperation will make clear to companies the significant benefits of voluntarily self-disclosing misconduct, fully cooperating with the government’s investigation, and remediating the misconduct.” In prior Advisories, the CFTC’s Enforcement Division made clear that it gives substantial credit for self-reporting and cooperation in determining the appropriate level of sanctions to impose or seek.
It is therefore no surprise that the CFTC moved to formalize guideposts for evaluating corporate compliance programs. Nor is it a surprise that the CFTC appears to continue to work with other agencies to carry out its enforcement objectives. In August 2020, for example, the Commission issued two orders filing and settling charges against The Bank of Nova Scotia (BNS) arising from manipulative and deceptive conduct spanning an eight-year period. The DOJ brought a parallel criminal proceeding. The CFTC’s combined orders require BNS to pay a total of $77.4 million in penalties and equitable relief, $60.4 million of which was due to BNS’s spoofing and attempted manipulation (Spoofing Order). From a compliance standpoint, the Spoofing Order found that BNS’s compliance function failed to detect and deter the unlawful trading practices and BNS’s compliance staff failed to act to stop the misconduct when they became aware of it. BNS was therefore required to retain an independent compliance monitor. The action brought by the DOJ’s Fraud Section announced a similar resolution, including the requirement of BNS to comply with certain obligations in connection with its corporate compliance program, including retaining an independent compliance monitor.
Evaluation of Corporate Compliance Programs
To help better detail how it will evaluate corporate compliance programs, the CFTC released high-level guidance to encourage companies to invest in robust compliance programs to prevent regulatory infractions.
When evaluating corporate compliance programs, the Division will consider, among other things, whether the compliance program was reasonably designed and implemented to achieve three goals: (1) preventing the underlying misconduct at issue; (2) detecting the misconduct; and (3) remediating the misconduct. The Division may consider whether, upon discovery of misconduct, the compliance program was reviewed and modified to address deficiencies. At all times, however, the Division will conduct a risk-based analysis considering a variety of factors, including the entity involved, the entity’s role in the market, and the potential market or customer impact of the misconduct.
When conducting its analysis, the Division’s staff is directed to consider whether the program was reasonably designed and implemented to prevent the misconduct at issue. In doing so, staff should consider, among other things, whether:
- written policies and procedures in effect throughout the period of misconduct reasonably addressed the type of misconduct at issue;
- training of staff, supervisors, and compliance personnel reasonably addressed the type of misconduct at issue;
- a failure to cure any previously identified deficiencies in the compliance program contributed to, or failed to prevent, the misconduct at issue;
- adequate resources, including funds, had been devoted to compliance; and
- the structure, oversight, and reporting of the compliance function are sufficiently independent from the business functions.
Division staff is also directed to question whether the compliance program was reasonably designed and implemented to effectively detect the misconduct at issue. The analysis includes determining whether the misconduct was independently identified through compliance mechanisms and the processes and procedures in place aimed at detecting misconduct. Evaluation shall also include consideration of the adequacy of:
- internal surveillance and monitoring efforts;
- the organization’s internal-reporting system and its handling of complaints; and
- procedures for identifying and evaluating unusual or suspicious activity to determine whether misconduct occurred, with regard for the sources, gravity, and extent of the organization’s risk violations.
Finally, the Division staff shall also consider the steps taken to assess and address the misconduct and any deficiencies in the compliance program upon the company’s discovery of the misconduct. This evaluation includes consideration of whether, in a sufficient and timely manner, actions were taken to:
- address any impact of the misconduct, including to mitigate and cure any financial harm to others and restore integrity to the relevant markets;
- appropriately discipline the individuals directly and indirectly responsible for the misconduct; and
- identify and address any deficiencies in the compliance program that may have contributed to a failure to prevent or detect the misconduct.
The CFTC has increased its focus on corporate compliance in the past several years, and this new guidance tracks with the agency’s prior stated policies. Indeed, while the CFTC has made a habit of highlighting compliance failures when announcing enforcement actions against companies—something it says it will continue—this new guidance may be sending a clearer message regarding the agency’s expectation that a robust compliance system, including one with the ability to evolve alongside the business, is necessary. The guidance does not, however, provide a granular approach, and offers fewer guideposts for companies as compared with the approach taken by, for example, the DOJ. Nevertheless, the document—while short—should provide a sufficient message to the industry and market participants that they will need to have a robust system and controls.
 U.S. Commodity Futures Trading Comm’n, Rel No. 8235-20, CFTC Issues Guidance on Factors Used in Evaluating Corporate Compliance Programs in Connection with Enforcement Matters (Sept. 10, 2020), available at https://www.cftc.gov/PressRoom/PressReleases/8235-20 (Guidance Press Release).
 U.S. Commodity Futures Trading Comm’n, Div. of Enforcement, Enforcement Manual (current as of May 20, 2020), available at https://www.cftc.gov/LawRegulation/Enforcement/EnforcementManual.pdf.
 U.S. Commodity Futures Trading Comm’n, Rel No. 8165-20, CFTC Division of Enforcement Issues Civil Monetary Penalty Guidance (May 20, 2020), available at https://www.cftc.gov/PressRoom/PressReleases/8165-20 (Penalty Guidance). Among other things, the Penalty Guidance directs CFTC staff to consider relevant mitigating or aggravating circumstances, and post-violation efforts to improve a compliance program.
 See, e.g., U.S. Dep’t of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (June 2020), available at https://www.justice.gov/criminal-fraud/page/file/937501/download.
 Guidance Press Release.
 U.S. Dep’t of Justice, Press Release, Rel No. 20-807, Assistant Attorney General Makan Delrahim Announces Re-Organization of the Antitrust Division’s Civil Enforcement Program (Aug. 20, 2020), available at https://www.justice.gov/opa/pr/assistant-attorney-general-makan-delrahim-announces-re-organization-antitrust-divisions-civil.
 U.S. Commodity Futures Trading Comm’n, Rel No. 7925-19, CFTC’s Division of Enforcement Issues First Public Enforcement Manual (May 8, 2019), available at https://cftc.gov/PressRoom/PressReleases/7925-19.
 U.S. Commodity Futures Trading Comm’n, Rel No. 7884-19, CFTC Division of Enforcement Issues Advisory on Violations of the Commodity Exchange Act Involving Foreign Corrupt Practices (Mar. 6, 2019), available at https://www.cftc.gov/PressRoom/PressReleases/7884-19.
 U.S. Commodity Futures Trading Comm’n, Rel No. 8221-20, CFTC Orders The Bank of Nova Scotia to Pay Record $77.4 Million for Spoofing and Making False Statements (Aug. 19, 2020), available at https://www.cftc.gov/PressRoom/PressReleases/8221-20.
 James M. McDonald, U.S. Commodity Futures Trading Comm’n, Memorandum, Guidance on Evaluating Compliance Programs in Connection with Enforcement Matters (Sept. 10, 2020), available at https://www.cftc.gov/media/4626/EnfGuidanceEvaluatingCompliancePrograms091020/download.
 Id. Where necessary, the Division will also consult with other CFTC divisions with relevant knowledge, experience or expertise.