Public Statements & Remarks

Statement of Commissioner Caroline D. Pham on Risk Management Program for Swap Dealers and Futures Commission Merchants Advance Notice of Proposed Rulemaking

June 01, 2023

I support the Advance Notice of Proposed Rulemaking (ANPRM) seeking public comment on potential amendments to the Risk Management Program (RMP) requirements in CFTC rules 23.600 and 1.11[1] (collectively, RMP Rules) applicable to swap dealers and futures commission merchants (FCMs), respectively.  I believe in continuous improvement for not only our market participants, but for the Commission and its regulations too. 

I would like to thank the staff of the Market Participants Division for working closely with me on this ANPRM, and making revisions in response to my concerns, in particular Amanda Olear, Pamela Geraghty, Fern Simmons, Elizabeth Groover, and Samantha Ostrom.  I also appreciate the opportunity to work collaboratively with the Chairman and my fellow Commissioners.

It is critical that the public has the opportunity to provide input on any potential amendment or expansion of RMP requirements that is informed by actual experience from risk management officers, other control functions, and practitioners who have implemented and complied with the RMP Rules for the past 10 years, oftentimes within a broader enterprise-wide risk management program pursuant to other requirements from other regulators. 

Because the CFTC’s rules are often only one part of much broader risk governance frameworks for financial institutions, the Commission must ensure that it has the full picture before coming to conclusions to ensure that our rules not only address any potential regulatory gaps or changes in risk profiles, but also avoids issuing rules that are conflicting, duplicative, or unworkable with other regulatory regimes.

For example, the CFTC currently has 106 provisionally registered swap dealers.[2]  Of these 106 entities, both U.S. and non-U.S., all but a handful are also registered with and supervised by another agency or authority, such as a prudential, functional, or market regulator.  Most of these swap dealers are subject to three or more regulatory regimes. 

Therefore, it is imperative that the Commission and the staff consider how the CFTC’s RMP Rules work in practice together with the rules of other regulators, whether foreign or domestic.  This key point is easily apparent in looking at the CFTC’s substituted compliance regime for non-U.S. swap dealers, where the Commission has expressly found that non-U.S. swap dealers in certain jurisdictions are subject to comparable and comprehensive regulation, and therefore permits such non-U.S. swap dealers to “substitute” compliance with home jurisdiction risk management regulations to satisfy CFTC rule 23.600.[3]

Issuing an ANPRM can be beneficial to initiate an open process to request information and stimulate dialogue with the public.  As stated in the preamble, “After Regulation 23.600 was initially adopted in 2012, the Commission received a number of questions from [swap dealers] concerning compliance with these requirements, particularly those concerning governance . . . .  The intervening decade of examination findings and ongoing requests for staff guidance from [swap dealers] with respect to Regulation 23.600 warrant consideration of the Commission’s rules and additional public discourse on this topic.”  The preamble also states, “Furthermore, a number of [swap dealers] have indicated that the quarterly [risk exposure reports] are not relied upon for their internal risk management purposes, but rather, they are created solely to comply with Regulation 23.600, indicating to the Commission that additional consideration of the [risk exposure report] requirement is warranted.” 

I commend the Commission and staff for seeking to address areas of potential confusion, inconsistency, and inefficiencies in the RMP Rules.  Risk management must be more than an exercise in paperwork.  And lack of regulatory clarity can actually inhibit compliance simply because our registrants are unsure of supervisory expectations and are unclear as to what to implement.  That is why I am focused as a Commissioner on providing clear rules and guidance to facilitate compliance with the Commission’s regulations.  I also support using this opportunity to improve our RMP Rules and I encourage commenters to explore how the RMP Rules could be aligned with other risk governance and risk management frameworks, such as prudential requirements for banking organizations, in order to more effectively and efficiently address risks.

Regarding potential risks related to the segregation of customer funds and safeguarding counterparty collateral, I will note that the CFTC’s existing rules are the gold standard for customer protection around the world.  Further, our existing rules also address potential risks posed by affiliates, lines of business, and all other trading activity.  While much attention has been paid to widespread fraud and failures of risk management in the cryptocurrency sector, it bears reminding that a so-called crypto exchange is a very different type of organization and business model from a highly regulated financial institution.  The public should take care to avoid conflating these completely different entities—it is at least as wholly unlike one another as a domesticated housecat and a wild tiger.  I look forward to comments on these two other areas of risk.

Nonetheless, neither the Commission nor our registrants should be complacent. I reiterate this statement in the preamble: “[T]he Commission also reminds [swap dealers] and FCMs that their RMPs may require periodic updates to reflect and keep pace with technological innovations that have developed or evolved since the Commission first promulgated the RMP Regulations.”  The benefit of a principles-based regulatory framework is that it can more quickly anticipate and adapt to changes in risk profiles or the operating environment.  I believe our rules must be broad and flexible enough to be forward-looking and evergreen, because it is simply not possible to prescribe every last requirement for the unknown future.  Accordingly, swap dealers and FCMs must be vigilant and address new and emerging risks in their RMPs through various risk stripes as appropriate—whether from changing market conditions, technological developments, geopolitical concerns, or any other event.

I welcome input from commenters to inform the Commission and the staff regarding the application of the RMP Rules to swap dealers and FCMs, especially those entities that are part of a banking organization, and to describe in a detailed manner the policies, procedures, processes, systems, controls, testing, and audits that are part of an RMP, and associated governance requirements.  In this way, it will be more clearly apparent to the Commission and staff that the vast majority of swap dealers and FCMs are part of enterprise-wide risk management programs that the industry spends billions of dollars on each year, with thousands of personnel across the three lines of defense.  In addition, the CFTC’s stringent RMP governance provisions ensure management accountability and responsibility, and the RMP Rules prescribe various requirements for swap dealers to address market risk, credit risk, liquidity risk, foreign currency risk, legal risk, operational risk, and settlement risk,[4] and for FCMs to address market risk, credit risk, liquidity risk, foreign currency risk, legal risk, operational risk, settlement risk, segregation risk, technological risk, and capital risk.[5]

Of course, financial institutions can still have lapses in risk management and weaknesses in their control environment.  This is evident in the high-profile news stories of the past few years.  But the appropriate response is for regulators, including the CFTC and National Futures Association (NFA), to increase focus and resources on compliance examinations to ensure that swap dealers and FCMs are complying with the rules we already have—not piling on more rules that ultimately do not enhance sound risk management and governance, and further dilute limited resources, time, and attention.[6]  In instances of especially egregious or prolonged deficiencies, material weakness, or misconduct by management, then enforcement actions may be appropriate, and the Commission should not shy away from this step.

[1] See 17 C.F.R. §§ 23.600 and 1.11.

[2] See CFTC provisionally registered swap dealers, as of January 30, 2023, available at

[3] On December 27, 2013, the Commission issued comparability determinations for certain entity-level requirements, including risk management, for the following jurisdictions: European Union; Canada; Switzerland; Japan; Hong Kong; and Australia.  See Comparability Determinations for Substituted Compliance Purposes, available at (July 11, 2023).

[4] 17 C.F.R. § 23.600(c)(1).

[5] 17 C.F.R. § 1.11(e)(1)(i).

[6] See Opening Statement of Commissioner Caroline D. Pham before the CFTC Technology Advisory Committee, March 22, 2023, available at