Proposed § 23.600(b)(2) required that a registrant’s risk management program be described in written policies and procedures, that such policies and procedures be
approved in writing by the registrant’s governing body, and that such policies and procedures be provided to the Commission upon registration and following any material change.
SIFMA recommended that the Commission clarify that written risk management policies and procedures need not be documented in a single, consolidated set, so long as such policies and procedures address all of the elements of the risk management program required by the proposed rules. Cargill commented that registrants should not be required to furnish risk management policies and procedures to the Commission, as such policies and reports can be obtained by the Commission by special call or reviewed during examinations. By way of contrast, Chris Barnard recommended that the Commission expand the reporting requirement to include public disclosure to allow for market
participants to assess a registrant’s approach to risk management and increase confidence in the swap markets.
In response to SIFMA’s and Cargill’s comments, the Commission is modifying the proposed rule to provide that an SD’s or MSP’s written policies and procedures must be provided upon application for registration to the Commission, or to a futures
association registered under section 17 of the CEA, if directed by the Commission, but thereafter only upon request of the Commission. Additionally, the Commission confirms that, so long as the required policies and procedures are maintained in a reasonably useable and accessible fashion, the rule is not intended to mandate the form or manner of documentation or retention.
With respect to Mr. Barnard’s recommendation, the Commission is not adopting a public disclosure requirement because registrants’ risk management policies and
procedures may contain sensitive or proprietary information. 5. Risk Management Unit § 23.600(b)(5)
Proposed § 23.600(b)(5) required SDs and MSPs to establish a risk management unit that reports directly to senior management, that is independent from the business trading unit, and that has sufficient authority and resources to carry out the risk management program required by the proposed regulations.
SIFMA recommended that the Commission clarify that different risk management processes may be managed by independent control functions, organized by relevant discipline or specialization, and that such functions, so long as they comply with the independence and other requirements applicable to the risk management unit, need not be part of a single risk management unit. To facilitate a functional working relationship, The Working Group recommended that the Commission clarify that separation of the risk management unit and business trading unit requires only separate and independent
oversight of business unit and risk management unit personnel, but not actual physical separation of such personnel.
BGA recommends that the Commission allow the risk and trading units to report to a shared senior officer, as long as the senior officer does not participate in directing, organizing, or executing trades. According to BGA, this would be consistent with the Federal Energy Regulatory Commission’s requirement for achieving independence between franchised public utilities and their market-regulated power sales affiliates, and would achieve the appropriate level of independence without requiring companies to overhaul their existing management structures.
Better Markets commented that simply requiring Risk Management Unit
independence is inadequate and recommends that the Commission ensure independence with rules similar to those proposed to ensure independence of research analysts in proposed § 23.605, while Cargill requested that the Commission provide greater flexibility in how SDs arrange monitoring and compliance of their risk management program, rather than rigidly requiring complete independence from the business trading unit.
Having considered these comments, the Commission is adopting the rule as proposed. While § 23.600(b)(5) does not require a registrant’s risk management unit to be a formal division in the registrant’s organizational structure, the Commission expects that an SD or MSP will be able to identify all personnel responsible for required risk management activities as its “risk management unit” even if such personnel fulfill other functions in addition to their risk management activities. In addition, § 23.600(b)(5) permits SDs and MSPs to establish dual reporting lines for risk management personnel
performing functions in addition to their risk management duties, but the rule would not permit a member of the risk management unit to report to any officer in the business trading unit for any non-risk management activity. The Commission believes that such dual reporting invites conflicts of interest and would violate the rule’s risk management unit independence requirement.
As requested by The Working Group, the Commission confirms that
independence of the risk management unit from the business trading unit does not require physical separation.
The Commission notes that per the revised definition of “senior management” discussed above, the risk management unit will not be required to report to an officer that reports directly to the CEO, but to ensure the independence of the risk management unit, the rule would not permit the risk management unit and business trading unit to report to a shared senior officer. The Commission also believes, however, that reporting line independence is sufficient to ensure accountability for the independence of the risk management unit, and, therefore, is not requiring firewalls of the type required in
§ 23.605 to ensure research analysts are free from conflicts of interest, as proposed by the Better Markets comment.