On May 23, 2017, the Commodity Futures Trading Commission ("CFTC") finalized rule amendments to its recordkeeping rule, CFTC Reg. 1.31, as well as related technical amendments to CFTC Regs. 1.35 and 23.203. CFTC Reg. 1.31 specifies the form and manner in which records required by CFTC regulations must be kept by entities required to keep such records, referred to in the rule as "records entities." The regulation does not specify the types of records required to be kept; types of records are specified in other CFTC regulations. For example, for swaps, most of the types of records required to be kept are specified in CFTC Reg. 45.2. In general, the amendments to CFTC Reg. 1.31 modernize and make technology neutral the form and manner in which regulatory records must be kept. The CFTC notes that the final rule amendments do not impose any new recordkeeping requirements on any records entity and that existing recordkeeping methods under CFTC Reg. 1.31 remain valid for compliance with the rule as amended. The rule amendments are effective on August 28, 2017.
REQUIREMENTS ELIMINATED FROM REG. 1.31
The final rule amendments eliminate a number of outmoded requirements under CFTC Reg. 1.31 (last amended significantly in 1999), including the requirements for a records entity to:
- keep electronic regulatory records in their native file format (i.e., the format in which they were originally created);
- retain any electronic record in a non-rewritable, non-erasable format (i.e., the "write once, read many" or "WORM" requirement); and
- engage a third-party technical consultant that will file certain representations with the CFTC.
In lieu of these requirements, the rule adopts a "principles-based" approach that is intended to provide greater flexibility regarding record retention and production. Note that the eliminated requirements above mirrored certain requirements under rules of the Securities and Exchange Commission ("SEC"); to date, the SEC has not proposed to amend its recordkeeping rules, and dually registered broker-dealer/futures commission merchants will need to keep that in mind.
DEFINITIONS AND APPLICABILITY
CFTC Reg. 1.31 applies to a "records entity," which is defined to include any person required by the Commodity Exchange Act ("Act") or CFTC regulations to keep regulatory records (including non-registrants). "Regulatory records" include all books and records required to be kept by the Act or CFTC regulations, including any record of any correction or other amendment to such books and records; provided that, with respect to such books and records stored electronically, regulatory records shall also include: (i) any data necessary to access, search, or display any such books and records; and (ii) all data produced and stored electronically describing how and when such books and records were created, formatted, or modified. The CFTC clarifies that, under this definition, a records entity only has the obligation to maintain data about a regulatory record after it is created and not about the record before it becomes a regulatory record (e.g., drafts of an agreement created during a negotiation but prior to execution). "Electronic regulatory records" means all regulatory records other than regulatory records exclusively created and maintained by a records entity on paper.
The CFTC notes that the amendments to CFTC Reg. 1.31, which as mentioned above apply to non-registrants as well as registrants, "[d]o not override other methods of maintaining records that may be specified elsewhere in the Act or Commission regulations." Thus, the CFTC states that commercial end-users that are records entities, for example, "may continue to maintain records in accordance with their current practices if such are permitted by the Act, Commission regulations, or existing relief or guidance." As examples of such relief or guidance, the CFTC cites the recordkeeping relief it granted for trade options last year, under which a non-swap dealer/non-major swap participant is not required to comply with swaps recordkeeping requirements but instead may keep records of its trade option activities as it would in the ordinary course of business, and relief for unregistered entities that are members of designated contract markets or swap execution facilities from retaining text messages and maintaining records in a particular form and manner.
Unless specified elsewhere in the Act or CFTC regulations:
- a records entity must keep regulatory records of any swap or related cash or forward transaction (as defined in CFTC Reg. 23.200(i), other than regulatory records required by CFTC Regs. 23.202(a)(1) and 23.202(b)(1)-(3)), from the date the regulatory record was created until the termination, maturity, expiration, transfer, assignment, or novation date of the transaction and for a period of not less than five years after such date;
- if required to keep oral communications, a records entity must keep regulatory records of oral communications for a period of not less than one year from the date of such communication; and
- for regulatory records other than records described above, a records entity must keep such records for a period of not less than five years from the date on which the record was created.
A records entity is required to keep records that are exclusively created and maintained on paper readily accessible for no less than two years. Electronic regulatory records must be kept readily accessible for the duration of the required retention period.
As a result of these amendments, swap dealers will only be required to maintain electronic pre-execution communications records (i.e., records specified in CFTC Regs. 23.202(a)(1) and 23.202(b)(1)-(3)) for five years from their creation, a change from the current standard of the duration of the swap plus five years.
FORM AND MANNER OF RETENTION
Under CFTC Reg. 1.31 as amended, all records must be created and retained by a records entity generally in accordance with the following requirement (unless specified elsewhere in the Act or CFTC regulations): each records entity must retain regulatory records in a form and manner "that ensures the authenticity and reliability of such regulatory records" in accordance with the Act and CFTC regulations. This requirement reflects the principles-based approach of the rule amendments mentioned above, in lieu of prescriptive requirements about how to ensure authenticity and reliability.
For electronic regulatory records maintained by a records entity, CFTC Reg. 1.31 has a few additional requirements with respect to establishing appropriate systems and controls that ensure the authenticity and reliability of the records, including, without limitation:
- systems that maintain the security, signature, and data as necessary to ensure the authenticity of the information contained in electronic regulatory records and to monitor compliance with the Act and Commission regulations;
- systems that ensure the records entity is able to produce electronic regulatory records in accordance with the regulation, and ensure the availability of such records in the event of an emergency or other disruption of the records entity's electronic record retention systems; and
- the creation and maintenance of an up-to-date inventory that identifies and describes each system that maintains information necessary for accessing or producing electronic regulatory records.
INSPECTION AND PRODUCTION
CFTC Reg. 1.31 requires that a records entity, at its own expense, must produce or make accessible for inspection all regulatory records. All such records must be open to inspection by any representative of the CFTC or the Department of Justice. Regulatory records exclusively created and maintained on paper must be produced "promptly" upon request of a CFTC representative. A request for electronic regulatory records from the CFTC will specify a reasonable form and medium in which a records entity must produce such records, which must be produced promptly upon request. Originals of regulatory records may be provided to a CFTC representative temporarily; the CFTC representative shall issue a receipt for such records upon request from the records entity and, upon request from the CFTC representative, the records entity must issue a receipt for the return of such records.
PROPOSED REQUIREMENTS NOT ADOPTED
Notably, the final rule amendments do not include the requirement contained in the proposal that a records entity must establish, maintain, and implement written policies and procedures designed to ensure compliance with all obligations under CFTC Reg. 1.31 or a training requirement. In this regard, the CFTC concluded that the clearly defined obligations under the rule made the requirement for written policies and procedures unnecessary. Also not adopted was language requiring that a records entity must retain systems that maintain the "chain of custody elements" of any electronic regulatory record because the concept is already covered under the definition of "regulatory record," which includes all data produced and stored electronically describing how and when such books and records were created, formatted, or modified.