Introduction

Good morning and welcome to the first meeting of the Market Risk Advisory Committee (MRAC) in 2023 and our second MRAC meeting under my sponsorship.

As our agenda indicates, today we will engage in the CFTC’s first public meeting examining recent cyber disruptions that affected cleared derivatives markets.

On January 31, 2023, in a short statement, ION Cleared Derivatives, a division of ION Markets—a Dublin-based firm, acknowledged that “a cybersecurity event” had “affected some of its services.”[1] ION provides trading, clearing, analytics, treasury, and risk management services for capital markets and futures and derivatives markets. Many market participants, including some significant futures commission merchants, have entered into services agreements with ION for back-office trade processing and settlement of exchange-traded derivatives.

Because of this central role in trade processing, the cyberattack disrupted not only ION’s operations but also the operations of other market participants, triggering a ripple effect across markets.  The cyber-incident halted deal matching, required affected parties to rely on manual (old school) trade processing, and caused delays in reconciliation and information sharing and reporting, among other challenges.

Recognizing that many affected firms are within the Commission’s remit and subject to the Commission’s oversight, I am asking the MRAC membership and invited speakers to engage in a deep dive discussion exploring cyberthreats that create risk management concerns. Specifically, I am asking them to offer informed, expert guidance on two issues.

First, while we have long implemented and enforced cyber risk regulation for registered market participants, we cannot rest on our laurels.[2]  Technology is ever-evolving. Perhaps equally important, market structure concerns including concentration and consolidation require (re)evaluating and confirming that our existing risk management regulation is sufficiently robust to ensure effective cyber risk prevention and business continuity planning, cyberattack mitigation, and general recovery and resilience. Firms should have a day-one plan for responding to cyber-incidents.  We must not misperceive cyber risks as siloed, individual enterprise risk management concerns. All too often, cyber threats demand coordinated action across several market participants with thoughtful incorporation of large, systemically important market participants.

Second, our economy is a digital economy.  Global financial markets indisputably rely on the internet and the internet of things (IOT).  We are now witnessing the deployment of Web 3.0. The salience of third-party service providers and reliance on non-proprietary software for operational mechanics such as trade processing, margin determinations, and data distribution underscore the importance of revisiting our risk management regulations to ensure that the Commission has adequate visibility into the system safeguards of firms that may impact the operational integrity of registered market participants.  We must have fit-for-purpose cyber risk management regulations.  What are the contours of our regulation for third-party service providers who offer integral operational services to registered market participants?  Who determines if these services comply with our system safeguard regulations?

Our markets must increasingly navigate pervasive cyber threats deployed by well-resourced actors targeting critical infrastructure resources.  The alarming threats that we have recently witnessed reveal that cybersecurity preparedness contributes to economic security, public safety, and national security.

As the recent financial crisis illustrated, our markets are deeply interconnected with significant investment and relational correlations.  The interconnectedness and correlations may amplify the potential for contagion in the event of successful cyberattacks against critical infrastructure resources.  For more than a decade, I have advocated for regulators and market participants to prioritize cybersecurity and investigate the potential for cyberthreats to create systemic risk or national security concerns.[3]

While other regulators, affected firms, the industry, and the Commission remain in a fact-gathering phase, in the wake of the recent cyber-incident, it is imperative that the MRAC fulfill its duty to serve as a timely and transparent forum for critical discussions regarding resilience, recovery, and resolution.  As our financial market infrastructure becomes increasingly dependent on digital technologies, it is of the utmost importance that individual firm cyber defenses keep pace with evolving threats.  In addition, we must seek to enhance cybersecurity across the network of firms, large and small, that facilitate trade execution, clearing, and settlement in our markets.[4]

In light of these observations, during our meeting today you will hear the diverse viewpoints of the MRAC membership and other market participants, executive members of the Office of the National Cyber Director, fellow market regulators, prudential regulators, self-regulatory organizations,[5] academics, public interest advocates, the public and others as we begin to identify, examine, and explore both the vulnerabilities in our markets and specific policy interventions for consideration by the Commission, best practices for industry participants, and public-private partnerships or industry-engineered initiatives designed to effectuate collaborative cyber threat responses and create cyber-defenses for interconnected segments of our markets.

Agenda items arising from existing workstreams will reflect the MRAC’s continuing commitment to understand, measure, mitigate, and address risk management concerns at the core of our rapidly-evolving markets and at the center of our well-tailored regulatory framework.  These efforts underscore the role that MRAC, the other advisory committees, and the Commission play in enhancing transparency and ensuring the integrity of our markets—an issue that is the very subject of a hearing before the Senate Agriculture, Nutrition, and Forestry Committee this morning.[6]

Finally, consistent with the MRAC’s historic role in delivering first-of-its-kind or unprecedented reports and recommendations, we anticipate furthering the Commission’s focus on targeted recommendations to address climate-related risks in our markets and delivering recommendations for the regulation of digital asset markets.

Before we move into the substance of today’s meeting, I want to thank our Chairman, and Commissioners Goldsmith Romero, Mersinger, and Pham, for participating today and for their invaluable contributions to this discussion.  As the agenda for each of the five advisory committees takes shape, I think that it will be increasingly clear that there is common interest in addressing the challenges that our markets face.  This common interest will also reveal common ground that may enable us to find consensus and build bridges that lead us on a pathway from these challenges to effective solutions.  In accord with the statutes governing the advisory committees,[7] let’s consider and coordinate joint meetings that focus on parallel workstreams, leverage the talent and expertise of the resources across advisory committees and subcommittees, and deliver valuable recommendations that effectively address these issues.

*                      *                    *

Agenda

Today, we will hear from a number of distinguished speakers regarding a wide range of topics all relevant to the MRAC’s market risk-related mandate, including in the areas of emerging technology-oriented risks affecting the derivatives and related financial markets, such as recovery and resilience in the event of cyber-security incidents; central counterparty risk and governance; climate-related market risk; market structure developments; and interest rate benchmark reform.  We will examine the many facets of risk and risk management that traditional market participants and new entrants to our markets must navigate.

Increasing threats such as ransomware attacks require collective consideration of operational resilience, industry-wide communication, a major incident response plan, and protection of customer assets and information. In an incredibly timely discussion, Matthew Cronin and Caitlin Clarke with the White House’s Office of the National Cyber Director will share opening remarks, reflecting on the National Cybersecurity Strategy released last week.[8]

The National Cybersecurity Strategy outlines two key cybersecurity objectives: rebalancing the responsibility to defend cybersecurity and realigning incentives to favor long-term investments.[9]  To achieve these objectives, the National Cybersecurity Strategy suggests an approach to make our digital ecosystem more defensible, resilient, and values-aligned.  The approach rests on five key pillars: (1) defending critical infrastructure, (2) disrupting and dismantling threat actors, (3) shaping market forces to drive security and resilience, (4) investing in a resilient future, and (5) forging international partnerships to pursue shared goals.[10]

Following these introductory remarks, we will hear from Tom Sexton, President and Chief Executive Officer of the National Futures Association; Walt Lukken, President and Chief Executive Officer of the Futures Industry Association; Julie Holzrichter of CME; Amanda Olear, Director of the Market Participants Division of the CFTC and Greg Ruppert, Executive Vice President of FINRA.  We will examine the role of the National Futures Association in standard setting designed to mitigate cyberthreats and the Futures Industry Association’s central role in steering industry participants through the recent cyber-incident at ION.

We are fortunate to be the forum where FIA President and CEO and former CFTC Acting Chair Walt Lukken will announce an FIA initiative to form a global Cyber Risk Taskforce to develop recommendations for improvements to cyber preparedness in our markets.  According to President and CEO Lukken, the taskforce “will focus on several areas including existing cyber protections and protocols, the effectiveness of the industry’s initial response, best practices around reconnection, and safeguards around third-party service providers.”[11]  FIA intends to release an initial report on recent cyber incidents by the second quarter of 2023 and we look forward to reviewing that report.

A final panel for this section will include presentations by Ashwini Panse of ICE and Suyash Paliwal, Director of the CFTC Office of International Affairs (OIA), and Senior Special Counsel Kirsten Robbins of OIA.

CCP Risk and Governance

The work of the CCP Risk and Governance subcommittee has demonstrated the important role of the advisory committees on several occasions. Recently the CCP Risk and Governance subcommittee advanced recommendations regarding governance standards for DCOs,[12] including recommendations that form the basis for a pending proposed rulemaking.[13]  As the work of the CCP Risk and Governance subcommittee continues, additional discussion may include consideration of centrally cleared and non-cleared markets; liquidity preparedness of market participants; price volatility controls; recovery and resolution; variation margin processes in cleared/non-cleared markets; and responsiveness of cleared and non-cleared initial margin models to market stresses. [14]

Suyash Paliwal, Director of the Commission’s Office of International Affairs, and Kirsten Robbins, Senior Special Counsel, also in the Office of International Affairs will describe BCBS/CPMI-IOSCO margin workstreams announced in September 2022.

The Joint Steering Group on Margin (JSGM), an international working group comprised of members of the Basel Committee on Banking Supervision (BCBS), Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commissions (IOSCO) published a review of margining practices in September 2022.[15]  The margin report provides a data-driven analysis of margin dynamics and liquidity impacts during the high market volatility and “dash for cash” in March and April 2020.  The report follows from the consultation published in October 2021,[16] and considers the responses thereto, as well as identifies the following six areas for further work:  (1) increasing transparency in centrally cleared markets; (2) enhancing liquidity preparedness of market participants as well as liquidity disclosures; (3) identifying data gaps in regulatory reporting; (4) streamlining variation margin processes in centrally and non-centrally cleared markets; (5) evaluating the responsiveness of centrally cleared initial margin models to market stresses with a focus on impacts and implications for CCP resources and the wider financial system; and (6) evaluating the responsiveness of non-centrally cleared initial margin models to market stresses.

The margin report is a milestone in the work to analyze the most significant stress on global financial markets since the recent financial crisis.  Using data-driven analysis, the report documents the resilience of the derivatives and securities markets and the success of the reforms to mandate clearing and implement margin for non-centrally cleared markets following the great financial crisis.  The JSGM received feedback from thirty-three entities or groups on the consultation, representing stakeholders across the markets.  Consultation respondents generally viewed the consultation positively and agreed that the reforms put into place following the great financial crisis worked as intended, enabling market participants to continue to transact in risk transfer markets like derivatives during the period of market turmoil.  Particularly, the greater use of central counterparties and the implementation of non-centrally cleared margin rules mitigated counterparty credit risk.  Respondents also supported the report’s identification of the main drivers for the increase in margin requirements and the assessment of market participants’ preparedness to manage liquidity requirements.

Future of Finance

Chris Hayward, Chairman of Policy and Resources with the City of London Corporation will deliver opening remarks drawing on developments in the UK, which will be followed by two panel discussions.  Following his remarks, two panels will examine issues that the Future of Finance subcommittee may explore including the development of a digital assets regulatory framework.

Tim Massad, former CFTC Chairman and current Research Fellow at the Harvard Kennedy School, Mossavar-Rahmani Center for Business and Government, and Director of Harvard University’s M-RCBG Digital Assets Policy Project; Val Szczepanik, Director of the SEC’s Strategic Hub for Innovation and Financial Technology; Eun Young Choi, Director of Department of Justice’s National Cryptocurrency Enforcement Team; Mark Hays, Senior Policy Analyst at Americans for Financial Reform; and Alessandro Cocco, Vice President and Head of Financial Markets Group at the Federal Reserve Bank of Chicago will address anti-money laundering and sanctions issues relating to digital assets, self-certification risks, and operational risks arising from digital asset technologies.

A second panel including Brad Levy, CEO of Symphony, Hayden Adams, Founder and CEO at Uniswap Labs, Candace Kelly, CLO at the Stellar Development Foundation, Linda Jeng, Chief Global Regulatory Officer and GC at the Crypto Council for Innovation, and Caroline Malcolm, Global Head of Public Policy for Chainalysis, Inc., will address innovative use cases for digital ledger or blockchain technology, including DeFi, digital identity, and interoperability.

Climate-Related Market Risks

ISDA CEO and former CFTC Commissioner Scott O’Malia will offer opening remarks for the third section of the agenda, focusing on the importance of standard documentation and taxonomies for carbon credits, followed by a roundtable discussion exploring the integrity, accountability, and quality of carbon offsets and related derivatives; registries; enforcement actions against fraud; and calls for a working group to study these issues.[17]

The CFTC is deeply engaged in the discussion and development of interventions that address the growing and systemic threat that climate-related risk poses to our financial systems.  The Commission established the Climate-Related Market Risk Subcommittee in 2019 to provide a report to the MRAC identifying and examining climate change-related financial and market risks, including for derivatives markets.  In September 2020, the Climate Subcommittee released a wide-ranging report on climate risk in the U.S. financial system.[18]  The report made fifty-three different recommendations, ranging from establishing a price on carbon, to implementing data collection and analysis efforts, to incorporating climate risk into ongoing monitoring and testing regimes, to requiring disclosures of climate-related risks, and finally, to fostering the development and growth of risk management tools to manage these risks.  In addition, the Commission published a Request for Information (RFI) in June 2022 on climate-related financial risk.[19]  The CFTC also held a public convening concerning the voluntary carbon markets in conjunction with the issuance of the RFI.[20]

The Climate-Related Market Risk Subcommittee will continue the work begun under Chairman Behnam’s leadership, working to identify and prioritize recommendations that can be implemented under our existing authority.  Already, more than eighty comments were received in response to the RFI, which CFTC staff are still evaluating.[21]  Many of these comments call for specific regulatory action by the CFTC, which the Subcommittee may be able to assist the agency in formulating.

In addition to our internal and market driven-initiatives, U.S. Senators recently encouraged the CFTC to (i) investigate the integrity of currently approved derivatives and their underlying carbon offsets, and develop qualifying standards for carbon offsets that effectively reduce greenhouse gas emissions and can serve as underlying commodities for approved derivatives in the future; (ii) create a registration framework for offsets, offset brokers, and offset registries; (iii) pursue cases of individual project fraud; and (iv) develop a working group to study both the risk to investors associated with carbon offsets and derivatives (legal, reputational, and regulatory) and the systemic climate financial risk created by their availability and usage.[22]

Market Structure

A fourth section of the agenda will invite discussion from members of the Market Structure Subcommittee and invited presenters.  Brian Smith, Assistant Secretary for Federal Finance at the U.S. Department of the Treasury will present on treasury market structure and clearing. Biswarup Chatterjee, Managing Director and Head of Innovation for the Global Markets Division at Citigroup, will review market structure and liquidity impacts of reset block thresholds.

In 2019, the Market Structure Subcommittee identified a list of potential topics for consideration.  The topics fell into three broad categories, trading, clearing, and reporting.  The Market Structure Subcommittee formed working groups to explore issues within each area in greater detail and to develop forward-looking recommendations.  The Trading, Clearing, and Reporting working groups began meeting in January 2020.  In February 2021, the Subcommittee issued two reports, including (1) a report making recommendations regarding the “Made Available to Trade” (MAT) process; and (2) a report making recommendations regarding the swap dealer landscape.[23]

Biswarup Chatterjee will also discuss the question of proposed changes to swap block levels and their potential effect on market liquidity and product types.  In particular, he will examine (i) the history of the block size framework in swaps markets; (ii) the role of block sizes in the swaps market; (iii) pros and cons of having block sizes too small or too high and the resulting impact on market participants; (iv) revalidating the block size framework, and factors to consider how often sizes should be evaluated; and (v) provisions for temporarily changing block sizes given extreme events impacting market.  I look forward to this discussion and to hearing from members as to how we can address these important issues.

Interest Rate Benchmark Reform

A final section of the agenda will explore the progress of the Interest Rate Benchmark Reform Subcommittee.  With the swiftly-approaching deadline for the final transition from LIBOR to SOFR at the end of June, this discussion will serve as a crucial check-in on the ongoing transition efforts, as well as a review of remaining transition or implementation milestones.  David Bowman, Senior Associate Director for the Program Director Section, Monetary Affairs at the Board of Governors of the Federal Reserve System, and Nathaniel Wuerffel, Senior Vice President at the Federal Reserve Bank of New York, will speak to these issues.

I thank and recognize the work of the IRBR subcommittee, including Chair Thomas Wipf and Co-Chair Ann Battle.  The IRBR’s recommendations in connection with the transition of USD derivatives and related contracts away from LIBOR had a measurable impact on the market’s transition to SOFR.  In particular, the IRBR subcommittee’s SOFR First recommendation, unanimously adopted by the Commission as a best practice, was a phased initiative that recommended prioritization of derivatives markets trading in SOFR over LIBOR.  The SOFR First initiative was a watershed moment for building liquidity in SOFR.  This momentum facilitated greater adoption across global trading activity in cleared over-the-counter (OTC) and exchange-traded interest rate derivatives that reference the identified risk-free rates (RFRs).  The SOFR First recommendation, along with earlier recommendations on plain English disclosures for new derivatives contracts referencing LIBOR and the CCP discounting transition tabletop exercise, have contributed tremendously to ensuring a smooth and timely transition away from LIBOR.

I look forward to hearing from our IRBR panelists today.  It is important to raise awareness of the remaining milestones between now and the middle of 2023, so that the Subcommittee or the Commission has the opportunity to support or facilitate solutions to ensure that the transition from LIBOR is operationally successful.  DCO conversions will move cleared derivatives to SOFR in the months leading up to June 30, 2023, but, as we will hear, any market participants with exposure to U.S. dollar LIBOR in the non-cleared derivatives markets must, if they have not already done so, act now to transition that exposure or, at a minimum, agree to robust fallbacks

Conclusion

Thank you so much for joining us today.