Clearinghouses play an important public interest role—they are critical market infrastructure intended to foster financial stability, trust, and confidence in U.S. markets.  Dodd-Frank Act reforms increased central clearing, thereby increasing financial stability.  Those reforms also concentrated risk in clearinghouses.  With that concentrated risk, it is critical that the Commission maintain vigilance in its oversight over clearinghouses to identify and monitor risk and promote financial stability.  This is most important for the CFTC’s monitoring of systemic risk.

Clearinghouse reporting is a cornerstone to the Commission’s oversight, including monitoring risk and promoting financial stability.  I support this rule because it strengthens and improves certain clearinghouse reporting requirements.

Strengthening reporting on risk characteristics of unusual products to be commingled facilitates effective Commission oversight in areas of emerging risk

First, the final rule strengthens requirements for reporting the risk characteristics of products to be commingled that are unusual in relation to other products that the clearinghouse clears.  A clearinghouse must obtain CFTC approval to commingle customer positions and associated funds of products that would otherwise be held in separate customer accounts.

This rule facilitates effective Commission oversight, as clearinghouses will provide better information for the CFTC to evaluate a request to commingle customer positions across asset classes.  This practice can be used to reduce margin requirements for customers with offsetting positions.  Margin requirements are an important element of financial stability, so any reduction should be carefully considered.

In addition to providing the CFTC an analysis of risk characteristics of the products to be commingled, this rule adds an analysis of any risk characteristics that are unusual in relation to the products that clearinghouse clears, as well as how it plans to manage any identified risk.  This addition will help the Commission better understand the risks posed by the commingling arrangement.

I also appreciate that the final rule incorporates the suggestion by a public interest group that the Commission go further and add that the analysis should specifically address the commingled products’ margining, liquidity, default management, pricing, and volatility risks that are unusual in relation to those currently cleared by the clearinghouse.  This is particularly important given that the derivatives industry is seeing a change with emerging products such as digital assets for example, that can carry emerging risk in each of these areas. 

Expanding reporting of change of control of the clearinghouse

I support the expansion of the rule requiring a clearinghouse to report any change to the entity or person that holds a controlling interest, either directly or indirectly, rather than the existing rule of reporting a change that would result in at least a 10 percent change of ownership.  The existing rule could mean that there would be no reporting when an entity increases its ownership stake in a clearinghouse from 45 percent to 51 percent.  That would leave the Commission blind to important changes of control.  This proposed rule would provide the CFTC with better understanding of the organizational structure of the clearinghouse, including control and ownership.  This is a critical change.

I read with interest the comment about changes to Regulation 39.19(c)(4) during the last Administration regarding Commission approval when a clearinghouse seeks to transfer its registration and open interest in connection with a corporate change.  While that is not the subject of this rule, I would be interested in learning more about the effects of those amendments and what is needed for the Commission to have greater control over a transfer of registration.  This is an issue that arose when it became apparent that LedgerX would be sold in FTX’s bankruptcy.

Strengthening the enforceability of reporting fields

Clearinghouses report information daily to the Commission such as initial margin, variation margin, cash flow, and position information for each clearing member, by house origin, and by each customer origin and customer account.  Over time, the Commission has provided detailed instructions and technical specifications in the Reporting Guidebook.  The whole purpose of the Reporting Guidebook was to ensure uniformity in clearinghouse reporting, as well as to ensure that the Commission received the right information for its surveillance and oversight of clearinghouses and the derivatives markets. 

I am pleased to support the Commission now requiring the reporting fields, rather than just serving as a guide, which will strengthen the enforceability of reporting fields and aid in clearinghouse accountability.  First, the Reporting Guidebook contains some reporting fields that are only optional, not required, but that would help the Commission in its oversight.  It is important to require these fields, removing a clearinghouse’s option not to report them.  Second, the types of clearinghouses registering with or applying to register with the Commission are changing.  Recently, for example, we have seen digital asset companies registering or applying to register, some with no history of being regulated.  It has become increasingly important that we have rules and regulations, rather than guides that can be ignored by new clearinghouses.

However, I do agree with the comment from a public interest group that it is important for the Commission to be nimble, particularly in light of emerging products and emerging risk.  I urge the staff to consider how we can both implement this new rule requiring the reporting fields, while also staying ahead of the risk curve in gathering the information needed or releasing additional guidance or rules.

Continuing concerns over cyber and other incident reporting

When it comes to expanding the reporting of cyber incidents and other incidents, the final rule dropped proposed requirements for expanded Commission reporting.  Let me start by saying that drafting new regulation is a process that works best with public input from the full range of interested parties.  While I supported this requirement at the proposal stage, I also understand the importance of listening to commenters about the practical effect of our regulations.[1]

However, the concern that caused us to propose the rule still exists.  The cyber threat is pervasive and increasing.  In fact, since the Commission issued this proposal last November, cyber incidents have continued to threaten the derivatives markets.  Notably, in January 2023, a third-party service provider, ION Markets, suffered a ransomware attack that disrupted trade processing at affected brokers. 

Early notification is key for the Commission’s ability to protect markets, including working with registrants and all those affected to coordinate a response.  The original proposal was based on CFTC staff finding a troubling lack of uniformity in how clearinghouses were reporting cyber incidents or incidents of other disruptions.  As discussed in the open meeting on the proposed rule, there were 120 reports of an incident made in fiscal year 2022.  Examination staff have learned of about perhaps as many incidents that they considered material where the CFTC should have been notified.[2]  They found that some clearinghouses did an excellent job of reporting, while others lagged way behind.[3]

The goal of the rule was to improve the uniformity of reporting incidents to the CFTC.  While I appreciate the commenters’ concerns about the consequences of removing the limitation that the incident be material, as well as other proposed changes, we still need to address the underlying problem in some way.

Additionally, the proposal also clarified that incidents requiring notification were not just those caused by cyber attackers, but also those triggered by accidents or malfunctions.  At the recent Technology Advisory Committee meeting, TAC member Professor Hilary Allen of American University Washington College of Law described how by some estimates, losses from accidental tech glitches exceed those from cyberattacks.[4]   I appreciate the discussion in the rule’s preamble, which reminds clearinghouses that the existing notification requirements already cover many instances of operator error.

Ultimately, given the experiences of the CFTC staff, the Commission needs to find the right fix that improves notifications.  I am pleased to see a commitment here to addressing this urgent need as cyber threats are the threats of our day.  The Technology Advisory Committee’s Cybersecurity Subcommittee is working on advising the Commission on how best to promote cyber resilience.

I am thankful for the Commission’s continued attention to this topic and I urge the staff to continue engaging with commenters, financial regulators, and the public, and to then propose new requirements.  In the interim, the Commission should also continue to work closely with clearinghouses to maintain two-way communication, and use our supervision and enforcement tools to ensure that we are staying on top of cyber and other incidents so that we can fulfill our responsibility in protecting markets.