The Commodity Futures Trading Commission (CFTC or Commission) has significantly amended its recordkeeping requirements, a change that will affect all entities and individuals who are required to maintain books and records under the Commission's rules. These include registered entities, futures industry professionals and, in certain cases, market participants. As amended, the Commission's rule will be technology-neutral, providing record keepers with greater flexibility in how they may store and maintain records. The new requirements become effective on August 28, 2017.1
On May 23, 2017, the CFTC adopted the most significant updates to Rule 1.31 since 1999, when the rule was amended to specify that certain technologies were acceptable for the storage of electronic records, including micrographic media, optical disk, CD-ROM, or “any digital storage medium or system that preserves the record exclusively in a non-rewritable, non-erasable [WORM] format,” and to require that market participants retain a third party technical consultant.2 In 2012, the CFTC added, without a clear definition of the term, the requirement that electronic files be kept in their “native format.”3 In January 2017, recognizing the need to revamp its recordkeeping rule to align with contemporary electronic information systems, the Commission proposed the current changes to the rule, which supersede the 1999 and 2012 amendments requiring WORM and native formats, respectively.4 After tweaking certain of the proposed amendments based on industry feedback, the CFTC has adopted these new recordkeeping requirements.
New Recordkeeping Requirements
Regulation 1.31(a): Definitions
The Commission introduced and defined three key terms: “records entity,” “regulatory records” and “electronic regulatory records.”5
- “Records entity” encompasses anyone required by the Commodities Exchange Act (CEA or the Act) or Commission regulations to keep regulatory records;
- “Electronic regulatory records” are all regulatory records not created or maintained on paper; an
- “Regulatory records” include all books and records required to be kept by the CEA or Commission regulations, including any subsequent versions of each such record, and shall also include (i) any data necessary to access, search or display any such books and records and (ii) all data produced and stored electronically describing how and when such books and records were created, formatted or modified. The Commission decided not to define the term “metadata” so as not to limit the technology solutions records entities could pursue. It also clarified that it did not intend to impose a new requirement to maintain versions of a record before that record had become a regulatory record. Thus, a records entity's obligation to maintain data about a regulatory record begins after a regulatory record is created.
Regulation 1.31(b): Duration of Retention of Regulatory Records
Most notably, the amendments eliminate the requirements that records entities (i) store regulatory records in their “native file format” and (ii) retain a third-party technical consultant. In addition, the Commission made the following refinements to the retention period requirements for regulatory records under Rule 1.31:
- Regulatory records of pre-execution trade information involving swaps and related cash and forward transactions under CFTC Regulations 23.202(a)(1) and (b)(1)-(3) must now be maintained for only five years after their creation rather than the prior standard of the life of the instrument plus five years;
- Regulatory records of post-execution trade information involving swaps or related cash or forward transactions, however, must still be maintained for the life of the instrument plus five years;6
- Oral communications must be maintained for one year after the date of the communication;
- All other regulatory records must be maintained for five years from the date on which the record was created; and
- Regulatory records exclusively created and maintained on paper must be readily accessible for two years. However, electronic regulatory records must be readily accessible for the duration of the required recordkeeping period.
Regulation 1.31(c): Form and Manner of Retention
Abandoning its formerly prescriptive approach, the rule as amended is technology-neutral. Specifically, the Commission adopted a broad and flexible standard for record retention that all regulatory records be retained “in a form and manner that ensures the authenticity and reliability of such regulatory records.” The amended rule requires that with respect to electronic regulatory records, records entities:
- establish appropriate systems and controls that ensure the authenticity and reliability of electronic regulatory records, including, without limitation:
- systems that maintain the security, signature and data as necessary to ensure the authenticity of the information contained in electronic regulatory records and to monitor compliance; and
- systems that ensure the records entity is able to produce electronic regulatory records in accordance with the rule, and ensure the availability of such regulatory records in the event of an emergency or other disruption of the records entity's electronic record retention systems; and
- create and maintain up-to-date inventories that identify and describe each system that maintains information necessary for accessing or producing electronic regulatory records.
Regulation 1.31(d): Inspection and Production of Regulatory Records
The amendments regarding the inspection of regulatory records provide that records entities must, at their own expense, “produce or make accessible for inspection all regulatory records” to the CFTC or US Department of Justice. The requirements for the production of regulatory records depends on the form in which the records are kept. Paper regulatory records must be produced promptly upon request of a Commission representative, whereas electronic regulatory records must be produced promptly, upon request, in a reasonable form and medium as specified by the CFTC.
Proposed Regulation 1.31(b): Policies and Procedures
The Commission had proposed but, after commenters expressed concern, decided not to adopt a requirement that records entities maintain written policies and procedures reasonably designed to ensure compliance with Rule 1.31. The Commission concluded that the clearly defined obligations under the amended rule made the requirement for policies and procedures unnecessary.
These amendments to Rule 1.31 streamline the Commission's requirements and are an effort to align the recordkeeping rule with technological advances and industry best practice. Records entities should nevertheless carefully examine their compliance with the new requirements, because the Commission's shift from prescription to principle places a greater responsibility on record keepers to implement a robust recordkeeping system reasonably designed to ensure accurate and reliable records. In this regard, record keepers should bear in mind that under the rule, they must be able to produce their records in a format that the Commission specifies. Finally, the Commission's former requirements relating to using WORM technology and retaining a third-party consultant mirrored certain requirements of the Securities and Exchange Commission (SEC). Dual registrants should bear in mind that the new CFTC requirements granting greater recordkeeping flexibility may diverge from applicable recordkeeping rules of the SEC and self-regulatory organizations