Title 17

PART 3 APPENDIX C



Appendix C to Part 3 - Guidance on the Application of § 3.3(e), Chief Compliance Officer Annual Report Form and Content

17:1.0.1.1.3.7.7.1.6 : Appendix C

Appendix C to Part 3 - Guidance on the Application of § 3.3(e), Chief Compliance Officer Annual Report Form and Content A. Description of the Registrant's WPPs (§ 3.3(e)(1))

In acknowledgment of the large number of WPPs that a Registrant implements to comply with CFTC regulations, the Commission understands that for purposes of the CCO Annual Report, specific WPP descriptions may be appropriately brief while still identifying the basic purpose of the policy or procedure and how the policy or procedure operates to achieve that purpose. The CCO Annual Report should include a summary overview that describes the general forms and types of WPPs the Registrant has, such as a compliance manual specific to the Registrant, global corporate manuals or policies, and/or business-unit-specific WPPs that support the applicable regulatory requirements. This summary overview would provide a narrative of the Registrant's system or program of WPPs, how they work as a whole, and how the Registrant generally puts the WPPs into practice as part of its compliance activities. With respect to the COI policy, it is the Commission's view that the CCO should describe the COI policy specific to the Registrant, addressing the specific requirements of § 1.71 or § 23.605 of this chapter, as applicable.

B. Assessment of the Effectiveness of the Policies and Procedures (§ 3.3(e)(2))

The Commission expects a CCO Annual Report to contain a comprehensive discussion of: the assessment process; and the results of the effectiveness assessment. The regulation does not dictate the form or manner for the effectiveness assessment. Rather, the Commission would expect each Registrant to follow a process and present the resulting assessment in a form and manner that is appropriate for the size and complexity of the Registrant's applicable business activities and structure. While § 3.3(e)(2) no longer has a “requirement-by-requirement” standard, the CCO Annual Report should address all of the general areas of regulation applicable to the Registrant.

C. Areas for Improvement and Recommended Changes (§ 3.3(e)(3))

1. Section 3.3(e)(3) requires two components in the CCO Annual Report: an identification and discussion of each area that needs improvement; and a discussion of what changes are recommended to address each area needing improvement. In addressing these two elements, the CCO Annual Report should include, as applicable: A discussion of why the particular area needs improvement; a discussion of the proposed improvements and the time frame for their implementation; and a cross-reference to the regulation that a recommended change would address.

2. In general, identifying areas in need of improvement and recommending steps to effect those improvements should be a core function of compliance. Accordingly, a CCO Annual Report that makes no recommendations for changes or improvements to the compliance program may raise concerns about the adequacy of the compliance program review intended by the CCO Annual Report process. Moreover, there should be continuity from one reporting cycle to the next, such that where a previous CCO Annual Report discussed future changes or improvements that were being considered or planned, subsequent CCO Annual Reports should discuss the outcomes of the changes that were implemented during the most recent scope period, any monitoring or testing of those changes, whether any compliance issues arose from the changes and, if there were any issues, how those issues were handled. While this section may address improvements to the compliance program that have already been completed, the Commission believes that this section primarily should discuss recommended improvements in process and/or future plans to improve the Registrant's compliance program or resources devoted to compliance.

D. Resources Set Aside for Compliance (§ 3.3(e)(4))

1. The resources description required by § 3.3(e)(4) should be appropriate for assisting the Registrant's senior management and the CFTC in assessing whether sufficient resources are dedicated to compliance. Accordingly, the description should include the following types of information: the budget allocated to the compliance department of the Registrant for compliance with the CEA and Commission regulations; full-time compliance staffing levels for such compliance activities; partially allocated staff counts (if applicable), with information on how much of such employees' time is devoted to the Registrant's compliance matters that are subject to CFTC oversight; an explanation of managerial resources (the explanation should clearly identify the division between staffing resources and management resources devoted to compliance); general infrastructure information (e.g., computers, compliance-oriented software, technology infrastructure, etc.); and if applicable, a description of the use of third party vendors or outsourcing for compliance activities. In most cases, to effectively inform the board of directors or senior officer and the Commission, the description should include quantifiable information for the financial, managerial, operational, and staffing resources allocated to compliance with the CEA and Commission regulations.

2. The Commission understands that a discussion of specific compliance budget allocations may not be as straightforward as described above depending on the size and complexity of the Registrant's compliance program and the extent to which the Registrant's compliance resources may be shared for other non-CFTC regulated business activities. The purpose of the CCO Annual Report requirement is to convey to senior management and the CFTC a clear understanding of the resources the Registrant has set aside for compliance with the CEA and Commission regulations. While some of the compliance resources used in a Registrant's CFTC compliance-related program may be used for compliance activities in other parts of a larger corporate enterprise, this sharing of resources does not negate the Registrant's obligation to discuss how the Registrant's compliance program is being resourced. For those instances where compliance resources are shared, it is recognized that the description of the shared resources may reasonably be more general in nature, providing approximations and estimates based on expected needs. However, the Commission expects that the CCO Annual Report will still address shared resources in as much detail as is necessary to convey the information needed to assess the overall compliance activities of the Registrant.

3. Section 3.3(e)(4) also requires that the CCO Annual Report include a discussion of any material deficiencies in compliance resources. If there have been reductions in the compliance program of the Registrant since the prior reporting period, for example, if there has been a reduction in compliance staff, a significant compliance budget decrease, or the Registrant initiated significant new business activities without a corresponding increase in compliance resources, the CCO Annual Report should include an explanation of why the compliance resources are not deficient in light of the changes. If there are no material deficiencies in the resources devoted to compliance, the Commission recommends that the CCO Annual Report contain an express statement to that effect so that the recipients of the report can see that the requirement was assessed.

E. Material Noncompliance Issues (§ 3.3(e)(5))

The CCO Annual Report should include an explanation of the standard the Registrant used to determine a non-compliance event's materiality. In addition, this section of the CCO Annual Report should contain a description of each material non-compliance issue identified either through self-assessment procedures conducted within the Registrant, or noted by any external entities which conducted a review of the Registrant (such as a designated self-regulatory organization). The description should also include the corresponding actions taken, described in reasonable detail, as well as specific references to the Commission regulation or regulations that are implicated by the non-compliance event. Specifically, the Commission recommends that the CCO Annual Report include a discussion of the Registrant's deliberations on a course of remediation, how the implementation of the remediation is being or was executed, any follow-up testing of the remediation, and any noteworthy results from such testing. Additionally, the Commission recommends that CCOs consider including an overview of how the CCO or compliance department handles and tracks non-compliance events in general.

F. Material Changes to WPPs (§ 3.3(e)(6))

When describing any material changes to the WPPs, a description of the standard of materiality used should be provided. This description will provide meaningful context for any reported changes to the WPPs.

[83 FR 43523, Aug. 27, 2018]