THE INTERNET--TESTING THE LIMITS
OF GLOBAL REGULATION
John E. Tull, Commissioner
Commodity Futures Trading Commission
with the assistance of Andrea M. Corcoran, Director,
Division of Trading and Markets
The Seventeenth International Swiss Commodities, Futures
and Options Association Burgenstock Meeting
September 6, 1996
Modern communication technology often is said to be the prime mover accelerating the pace of globalization of the markets. But it is the recent introduction of user friendly search and browse technology to the universe of cyberspace that brings the Internet-- a network of computers originally developed in the 1960's by the US Department of Defense --to the top of world regulators' list of priority concerns.
The Internet combines the capability of the mails, the fax, the phone, video, graphics, credit card and archive systems in a single, low-cost, world-wide interactive computer network. To bring this home, this network brings together the customer, broker, market, quote vendor, and bank in an electronic environment that knows no sovereign, is beyond the reach of any single regulator, respects no geographic boundaries and applies no special law. An information highway without road signs, signals and traffic cops, as it were.
As of today, it is estimated that over 68 million people are users of the Internet and almost 500,000 websites have been established. The trend toward Internet usage is such that a whole industry is growing up whose primary purpose is to provide efficient connections to this electronic network. It is estimated that every two minutes during business hours a new site is established. At the Commodity Futures Trading Commission, we have an extensive homepage, including a special place committed solely to enforcement isues, and have gone from having l0 employees with electronic mail addresses to over 500 in less than two years time. Every U.S. futures exchange has a website--and most are exploring how to use this vast communication mechanism to promote their markets.
The Internet, then, is not just a phenomenon--it represents a communications revolution. As such, it presents both new opportunities and challenges to us as international regulators, self-regulators and markets. Not surprisingly, it already is the subject of two IOSCO mandates for further study, and of multiple regulators' pronouncements on how they intend to interpret the applicability of their rules and regulations. The Internet also is the focus of several working groups representing retail banking, personal finance, insurance, equity trading, regulation, security and payment and settlement systems at the U.K.-based Centre for the Study of Financial Innovation, was on the agenda at recent international meetings held in June in Helsinki, and has moved to the front of the line of issues being debated by industry groups hoping to exploit its efficiencies and to avoid being made obsolescent by its development.
The Commission is reacting to the Internet revolution in several ways.
The Internet, with its low cost means of sending and receiving information, has incredible potential to help us educate the consumer and serve those we regulate. At the CFTC, we can disseminate important information and the public can directly access, free of charge, the following:
Commitments of Traders Reports;
Advisories on Commission actions;
Notices of sanctions in effect against wrongdoers;
Capital, segregation, and related public financial information on registered futures commission merchants (that is, commodity brokers);
Commission enforcement actions;
Advisory committee and roundtable background materials and transcripts; and
We are just beginning to explore the full potential. Last week, alone, our homepage was visited over 16,000 times by users in 28 countries on 6 continents.
We are also exploring using the Internet as a mechanism for receiving information ranging from consumer complaints to formal filing or delivery of required documents to the Commission, self- regulatory organizations, and customers. In this connection, we are grappling with such issues as verification of electronic signatures and encryption of materials to assure security from tampering.
On October 15, the CFTC will kick off a pilot program to allow commodity trading advisers and commodity pool operators to file required disclosure documents with us for electronic review, thus saving the regulated industry and the agency time, paper and money. We also are receiving comments on public rulemakings in electronic form. Indeed, we are looking at every aspect of our operations to facilitate electronic transmission of data consistent with our regulatory mission.
Beyond these domestic initiatives, we believe that, to the extent the security issues can be resolved, the Internet is an ideal mechanism for facilitating global cooperation and information sharing. For example, as the result of one post-Windsor initiative relating to cooperation among regulators, we now participate in an on-line international regulators' contact list maintained by IOSCO intended to improve inter-regulatory cooperation when Barings-like events occur. Use of the Internet materially eases the task of assuring multiple phone numbers and official contacts for particular types of market events are up to date by allowing participating markets to keep their own entries current. International markets who likewise have agreed post-Windsor to produce information statements along the lines of an outline developed by the Futures Industry Global Task Force on Financial Integrity and the model drafted by certain U.S. futures exchanges can assure widespread circulation of such statements to a large audience of potential market users through the Internet. We at the CFTC applaud all such moves toward further transparency of market integrity regimes.
Just as we are acknowledging and attempting to take advantage of this medium to make our regulatory program better, we are also struggling to assure that our surveillance, regulatory and enforcement efforts are not hindered or confounded in this frontier environment. The mere accessibility of the Internet to the public at large, the huge volume of usage and, in particular, the fact that users can visit virtually any site world-wide without restriction, and often without detection, raises fundamental issues for regulators charged with preventing fraud, manipulation or rogue markets. These issues include:
WHAT ARE THE GROUND RULES?
TO WHOM DO THE GROUND RULES APPLY?
HOW DO WE FIND AND ESTABLISH VIOLATIONS? AND
ULTIMATELY, HOW ARE REGULATORS TO ENFORCE APPLICABLE LAW?
WHAT ARE THE GROUND RULES?
Our basic premise at the CFTC is that our "rulebook" is media- blind. That is, anti-fraud authority and relevant prophylactic rules apply to all forms of regulated activity irrespective of the media through which they are accomplished. In other words, choice of medium does not change the regulatory message.
And, it is my sense that there is general agreement that this belief is shared by the regulatory community at large. Implementation of this concept may be easier said than done, however. The quandary is how to translate rules and regulations largely developed for a paper-based, centrally-located market environment to this new communication system.
Moreover, regulators do not wish to unduly constrain the evolution or the versatility of the medium--its principal virtues-- consistent with their responsibilities to prevent fraud and protect against systemic risk. The Internet is a very powerful tool to bring new customers to the marketplace, to promote market services, and to make our markets more competitive. Among other things, it permits users to apply and manipulate system-based analytics to review historical data, to compare the returns of managed funds advisors and collective investment funds, to update portfolios of investments, and to receive more current return information than is currently available for most commodities investments--all of which are beneficial uses, if properly done.
Some of the issues regulators are struggling with are:
In some cases, the answer seems to be drawing the precise analogy: a directory, an advertisement, a library, a phone. The current wisdom is that the task is sufficiently complex that most US regulators have elected to demonstrate application of their rules by specific example. This avoids freezing an approach or laying out a roadmap for malfeasors while preserving the general principle of applying all rules regardless of the media in which regulated transactions occur.
In addition to these issues, there are issues related to the network itself becoming a market. At what point does the listing of quotes on a electronic bulletin board with the potential to reach a billion dispersed accounts worldwide become a marketplace subject to regulation in each location where a user can view that bulletin board? Only three months ago, the pundits were saying that use of the Internet as a market was largely a cash market issue, but every day there are new developments.
In the case of financial markets, these developments raise a question whether the law will prevent completed transactions on such a network from being repudiated. Another issue is whether the medium itself sufficiently protects confidentiality. Indeed, the SEC already has issued some timely guidance to "brewing" entrepreneurs as to disclosure and delivery requirements for securities bulletin boards and has required the funds related to such transactions to pass outside the network through appropriately licensed intermediaries. Nonetheless, there is nothing to prevent quote-driven over-the-counter derivative markets from finding the Internet an alluring place to broadcast quotes. In some jurisdictions, the potential for a dispersed interactive network to permit direct connections between buyers and sellers and to eliminate the middleman may render more difficult regulators' ability to apply existing financial services law to such developments.
TO WHOM DO THE GROUND RULES APPLY?
In many jurisdictions, the law applies to regulated institutions per se or institutions regulated because of their brokering, dealing, banking or custodianship activities. As a matter of international law, in general, conduct must occur or have effects in the jurisdiction seeking to apply its laws. What does this connote for applying local laws to the world of cybersurfing, hot buttons, hyperlinks, browsers, electronic products, and the like which can instantly transport a user across oceans and cultures?
Fundamentally, addressing only theory and not the practicability of enforcement, which will be touched on later in my remarks, any one jurisdiction's interpretation of its laws' application to the Internet raises two potential global concerns: First, that the law of any one jurisdiction would be cast so broadly that it purports to control conduct originating offshore or beyond the control of onshore users and potentially onshore regulators or, second, that the law would be cast so narrowly that it could be routinely evaded by originating signals from outside that jurisdiction. While some of these issues may be problems with use of the phones and the mails, the existence and low cost of the Internet and the ability to surf it without a trace makes the conceptual issues sources of real practical concern. Website owners are seeking to exploit the Internet's potential to reach a far-flung, unknown audience. They may be able to issue disclaimers but they will not desire to and may not be able to use passwords or other known technologies to restrict access.
We therefore are considering posting warnings to users on our homepages and requiring our regulatees to identify their Internet website addresses to assure that we can monitor their actions properly. Of course, it is always the scofflaws that will seek to elude our detection and enforcement activities.
This recitation of some of the issues points up that, fundamentally, regulation of the Internet once again highlights the need for international cooperative approaches to assuring the ability of any given jurisdiction to enforce its own laws without them being frustrated from afar. In light of the expansion of the Internet, it may be necessary to come up with some type of international gatekeeping or disclosure principles.
HOW DO WE FIND AND ESTABLISH VIOLATIONS?
Every day, unknown millions of users surf the Internet. On one day this summer, the CFTC found 5,000 webpages using the key words "commodity futures." This number would be compounded to over 73,000 if we also searched for the word "derivatives."
The Internet permits real-time, simultaneous communication by large numbers of persons with varying degrees of anonymity anywhere in the world. Users can begin and end solicitations at will at any time. Communications are instantaneous. It is a true democracy of users--no single government, jurisdiction or law controls Internet electronic traffic. Looking for fraud on the Internet can be like looking for a needle in a haystack.
To find violations of our law, at the CFTC, we have elected to combine a new, user-friendly means of receiving customer complaints electronically with a squad of "cybercops" who roam the "net" on a daily basis looking for financial crime with specially designed "search engines" or programs. We are patrolling websites, investment-related chat rooms, bulletin boards and newsgroups where fraud and other violative conduct could occur.
This activity already has borne positive results. Last week, the Commission issued final enforcement orders finding that two individuals had been acting as unregistered commodity trading advisers by using the Internet to solicit customers to open managed accounts and by directly providing customers with trading advice. In addition, the Commission found that neither individual had provided customers with a disclosure document that included information about the risks associated with trading futures. The orders require these individuals to halt their unregistered advisory operations and, in one case, to return funds to customers.
We also are coordinating our efforts with other federal and state law enforcement agencies, the National Futures Association, the National Association of Securities Dealers Regulation, Inc., the North American Securities Administrators Association, Inc., the Federal Trade Commission, the Securities and Exchange Commission and non-governmental entities, such as the National Fraud Information Center, which maintains a Web site and a toll free hot line for members of the public to report fraud or other illegal activity on the Internet.
Again, this is an area where regulators must form a common front to assure that we maintain our regulatory credibility.
HOW TO ENFORCE APPLICABLE LAW
International regulators, in addressing the environment of the Internet, have to be as creative and evolutionary as the Internet itself. It is not new in the financial services industry for the law to lag behind the development of the technology. In the electronic world, there is also concern that clever hackers can come up with new ingenious financial crimes.
Since local law can only stretch so far, it will be increasingly incumbent on regulators to cooperate with each other to assure that they are comfortable with the degree of enforcement that they are able to provide to this environment.
Obviously, a medium that permits a foreign passive site to be accessed by active customers under one of the many search programs available raises questions about who will have the regulatory jurisdiction to address misconduct by the operator of the passive site. For this reason, it is encouraging to us that this important issue has been moved to the forefront of the debate among international regulators in the coming weeks and months.
The right solutions for regulators confronted with the unique challenges that the Internet presents will emerge only if it is confronted internationally as well as at home. This is uniquely an international puzzle--and I am honored to have been asked to address it in this uniquely international forum.