Objective 5.4
| IT supports and enhances mission accomplishment through effective and efficient infrastructure, systems, and services. |
CFTC mission attainment is imperative to protect the public. IT development and enhancements will support critical business requirements through delivery of technological capability represented by quick, secure information access; analytical capabilities; and successful business process automation. To effectively accomplish its mission, the CFTC must keep pace with fundamental changes in the derivatives markets, increasing use of technology, and growing market complexity. The Commission must invest heavily and judiciously in IT to timely track market activity, understand the markets, and provide effective oversight. Prior year investments in infrastructure and system capabilities must be leveraged and built upon to provide services that multiply the effectiveness of staff, accomplishing integration between futures and swaps data and increased integration of CFTC systems and processes for monitoring registered entities, market and financial risk, market integrity, and trade practice, as well as systems and processes for enforcement and economic analysis.
In order to fulfill its mission, the CFTC depends heavily on its ability to quickly access and analyze large volumes of complex market data. The CFTC must use industry and government standards and best practices, with a focus on improving information management. Experience gained participating in using the Financial Information eXchange Markup Language (FIXML) standard for futures exchange Trade Capture Reports will be used to adopt a standards-based approach for all data interchanges and submissions, particularly for information needed by regulators. Managing information as a CFTC-wide asset will allow process automation and innovation to be accomplished more cost effectively and more flexibly, supporting the Commission as it adapts to constantly evolving markets and increasing the understanding of those markets. IT services will also be delivered with improved transparency to ensure that Commission strategies are effectively implemented. To facilitate this transformation, the CFTC is realigning its technology programs, creating an independent data collection, management, and analysis group reporting directly to the Chairman.
The CFTC will employ and leverage all legal, secure, and cost effective means of determining and assessing how and when to use IT to best enable CFTC to fulfill its surveillance, oversight, and enforcement responsibilities. The necessity to employ IT solutions is increasingly important in an environment of tight resources and as the Commission implements new regulations under the Dodd-Frank Act. CFTC staff will pursue arrangements with Federal research laboratories in order to pilot and apply where feasible advanced computing platforms for high-frequency and algorithmic trading surveillance and enforcement and will continually evaluate innovative commercial surveillance technology. The CFTC will continue to increase collaboration with other Federal financial regulators, sharing data, jointly analyzing market issues and trends (including systemic risk information), and coordinating on events like the May 6, 2010 Flash Crash. The CFTC will also share, to the extent practical, IT services and infrastructure as mandated by the Dodd-Frank Act.
Strategy 5.4.1 Ensure the highest practical return on both business and IT investments.
A focus on customer partnerships in requirements gathering and analysis will drive the delivery of responsive and efficient technological capabilities. IT will seek continuous improvement, ensuring that staff have the information access and analytical capabilities they need. The CFTC will deliver IT services that maximize the effectiveness of limited resources through the prioritization of investments based on mission impact or other productivity and efficiency measures. An enterprise-wide information and services architecture will support cost effective implementation of interdivisional and process-specific solutions. The CFTC will leverage the process and operational review necessitated by the Dodd-Frank Act to establish an enterprise-wide concept of operations and a consistent set of needs that will be addressed with a unified information and service framework.
Governance processes will reinforce close collaboration and open communication between program and IT staff. This transparency will help ensure that priorities and deliverables will add maximum value.
| FY 2011 | Integrate Commission strategic planning with IT strategic planning. |
|---|---|
| FY 2012 | Align IT governance with reengineered BPAC structure. |
| FY 2013 | Institute CFTC-wide data management. |
| FY 2014 | Establishment and sustainment of enterprise target architecture and transition strategy. |
| FY 2015 | Mature enterprise architecture and IT governance processes and tools to support continuous CFTC business transformation. |
To ensure CFTC business continuity, the Commission will move data and infrastructure from regional offices to headquarters and establish a collocation site for headquarters. This will not only isolate the Commission from IT service disruptions, but will also allow it to improve existing services and implement new services with minimal disruption.
| FY 2011 | Establish remote data replication of Tier 1, 2, and 3 to the Commission’s collocation facility. |
|---|---|
| FY 2012 | Establish system service support at the collocation facility for Tier 1 and 2 applications and data sets. |
| FY 2013 | Establish system service support at the collocation facility for Tier 3 applications and data sets. |
| FY 2014 | Test Business Continuity Operational Headquarters Failover to the collocation facility. |
| FY 2015 | Test Business Continuity Operational Headquarters Failover to the collocation facility. |
Strategy 5.4.2 Facilitate the usefulness and usage of information, increasing its availability, ensuring quality, and reducing staff time necessary to analyze relevant data.
Information is a strategic asset and must be managed as a CFTC-wide, industry, and public resource. Enterprise-wide management of data will increase transparency and facilitate collaboration between regulators.
Adoption of standards and best practices will improve quality, reduce loading times, and lower costs, especially when information must be aggregated from various entities and across markets. As existing systems are revised and new data requirements and collections are established to cover new types of registrants, market participants, products, and markets, industry standards from the International Organization for Standardization (ISO), the FIX Protocol Limited (FPL), Financial products Markup Language (FpML), eXtensible Business Reporting Language (XBRL), and others will be evaluated and incorporated as appropriate.
| FY 2011 | Develop data management governance and policy framework. Develop enterprise data management roadmap. |
|---|---|
| FY 2012 | Establish enterprise data warehouse and service oriented architecture for enterprise data management. Communicate enterprise data warehouse and service oriented architecture design to NFA, SEC, U.S. Department of the Treasury’s Office of Financial Research (OFR), and other regulators. Integrate FILAC system into enterprise data warehouse. |
| FY 2013 | Integrate TSS into enterprise data warehouse. Include swaps data in enterprise data warehouse. |
| FY 2014 | Integrate Integrated Surveillance System (ISS) into enterprise data warehouse. |
| FY 2015 | Link enterprise data warehouse with NFA, SEC, OFR, and other regulatory warehouses. |
To the extent it is practical, IT investments by industry and regulators should not be duplicative or redundant. Greater use of direct access information (based on high quality authoritative source data) will improve the consistency and timeliness of data access for staff and the public.
| FY 2011 | Plan dedicated connections to high volume DCMs and SROs. |
|---|---|
| FY 2012 | Implement dedicated connections to high volume DCMs and SROs. |
| FY 2013 | Receive and process swaps data pushed from existing SDRs. |
| FY 2014 | Integrate swaps data pushed from existing SDRs with existing systems. |
| FY 2015 | Integrate swaps data pushed from existing SDRs with external systems. |
Strategy 5.4.3 Automate key business processes.
Effective management of information enables and is enabled by automated processes that are critical to competitive environments and oversight of dynamic markets. Source information must be digital and should remain digital throughout all transactions and use. Use of automated data and analysis will reduce staff effort, ensure timely receipt of data, shorten time for data analysis, and improve data integrity, ultimately reducing regulatory burden on industry resources and enabling more efficient oversight. A number of mission-specific IT development activities have been discussed in the context of other CFTC strategic goals.
In addition, the Commission intranet will be completely redesigned as an all-CFTC employee portal to a full range of employee-related information. The Commission’s administrative and management systems and electronic document management system will be implemented, and internal management and administrative processes will be automated to increase productivity and transparency, promote consistency of practice, and prevent loss of institutional knowledge, resulting in a CFTC operating environment that supports high performance.
Furthermore, the Commission will continue to comply with the Federal Information Security Management Act (FISMA) in order to protect proprietary industry data and sensitive personally identifiable information. In addition to migrating Internet connectivity to a Managed Trusted Internet Service Provider (MTIPS)—Trusted Internet Connection (TIC)—the Commission will implement two-factor authentication for remote access to the CFTC network, email sender verification (anti-spoofing) controls when sending email to or receiving it from other government agencies, and standard security configuration baselines for servers. The CFTC will also automate several security controls and achieve continuous monitoring by implementing the Consensus Audit Guidelines’ 20 Critical Control recommendations.
| FY 2011 | Automate rule making support. Implement Forensics Lab. Implement Web site preservation system. Implement CFTCnet. Re-host CFTC.gov to provide improved services. |
|---|---|
| FY 2012 | Implement eDiscovery preservation and legal hold. Implement enhancements to document search and retrieval software. Implement Electronic Records Document Management (ERDM) enterprise search and taxonomy and metadata management. Division collaboration sites migrate to/integrate with CFTCnet. |
| FY 2013 | Implement automation of enterprise tips, complaints, and referral management. Implement Early Case Assessment System. Implement ERDM workflow and version control (five process groups). |
| FY 2014 | Implement enhancements to case management software. Implement enhancements to audio analytics. Implement ERDM workflow and version control (five additional process groups). |
| FY 2015 | Expand enterprise search to include eLaw and enterprise data warehouse. |