On May 30, 2017, the Commodity Futures Trading Commission (CFTC or Commission) published final rule changes that substantially revise Rule 1.31 (Revised Rule)1 to modernize record-keeping obligations for any person required by the Commodity Exchange Act or CFTC rules to keep records (a records entity).2 The Revised Rule becomes effective on August 28, 2017.
Background of Rule 1.31. Rule 1.31 is the Commission’s long-time regulation addressing the form and manner for retention and production of CFTC-required records. In recent decades, Rule 1.31 has permitted books and records to be stored electronically, subject to various technological requirements. Persons that used electronic storage systems were required to retain a third-party technical consultant to furnish required information to the Commission. Among its other provisions, Rule 1.31 imposed retention requirements and required persons subject to CFTC record-keeping requirements to make books and records readily accessible to certain regulators and the Department of Justice.
Reasons for the Final Revisions. In January 2017, the Commission proposed revisions to Rule 1.313 in response to various industry groups that petitioned for them. Industry groups explained that the technical requirements in Rule 1.31 had become outdated since Rule 1.31 was amended to address the storage of electronic records in 19994 and 2012.5 For example, some CFTC record-keepers either had to forgo more innovative storage systems — which were critical to protect against cybersecurity threats but not permitted by Rule 1.31 — in favor of more costly outdated systems that complied with the record-keeping rules, or they had to maintain both kinds of electronic systems.
The Revised Rule addresses these industry concerns by both modernizing and streamlining Rule 1.31. The standard in the Revised Rule is that required records be retained “in a form and manner that ensures the authenticity and reliability of such regulatory records.” By establishing greater flexibility through a technology-neutral and “less-prescriptive, principles-based approach” to record-keeping requirements, the Commission believes records entities will benefit from evolving technology without being burdened by obsolete rules.6
Modernized Requirements. Revisions include eliminating the following requirements:
(1) Native File Format. Records entities will no longer be required to keep electronic regulatory records in their native file format (i.e., in the format in which the record was originally created).
(2) WORM Requirement. The requirement that records entities retain electronic records in a nonrewritable, nonerasable format (i.e., the “write once, read many” or “WORM” requirement) will be eliminated.
For both the native file format and WORM requirements, the CFTC explained that the programs and concepts upon which those requirements were based are now either outdated or no longer supported by information technology manufacturers. Consequently, the deletions of these requirements are intended to permit market participants to use programs that are best suited to their technical needs without creating additional cost to maintain older systems.7
(3) Technical Consultant. Records entities will no longer be required to engage a third-party technical consultant or have the consultant file certain representations with the Commission regarding access to the records entity’s electronic regulatory records. The CFTC acknowledged that changing firm structures have eliminated the need to require an external consultant because market participants often hire in-house technical staff that are equipped to monitor record-keeping obligations.8
(4) Retention Period for Pre-Trade Swaps and Forwards Communications. The Revised Rule adjusts the retention periods so that records of pretrade communications for swaps and forwards required under CFTC Rules 23.202(a)(1) and (b)(1)-(3) must be retained only for five years from the date of creation, instead of for the life of the transaction plus five years, as previously required. The Commission also clarified the retention periods for other records.9
Among its other revisions, the CFTC also deleted “chain of custody” elements in the requirements for electronic record-keeping systems, though the Commission noted that it was not changing “the practical requirement that records entities maintain a comprehensive audit trail for all electronic regulatory records.”10 The Commission also decided against requiring records entities to maintain written policies and procedures designed to ensure compliance with Rule 1.31, although such a requirement was proposed. The Revised Rule also establishes new definitions for some of the terms used. For example, the Revised Rule replaces the term “books and records” with “regulatory records”11 to address the fact that “books and records” may not convey that record-keeping requirements extend to all associated electronic data.12
The CFTC noted that the Revised Rule does not impose any new record-keeping requirements on any records entity or overrule other record-keeping methods that are permitted under CFTC regulations.13 Therefore, entities such as commercial end-users subject to record-keeping requirements are still permitted to use their current retention practices so long as they are permitted by the Commodity Exchange Act, CFTC regulations, or existing CFTC relief or guidance.14