CFTC Market Risk Advisory Committee (MRAC) Meeting – December 10

Commodity Futures Trading Commission (CFTC) Market Risk Advisory Committee (MRAC) Meeting 

OVERVIEW   

For questions on the note below, please contact Scott Parsons, Edmund Perry, or Ruth Lunsford. 

On December 10, the Commodity Futures Trading Commission (CFTC) Market Risk Advisory Committee (MRAC) held a meeting to discuss current topics and developments in central counterparty (CCP) risk and governance, market structure, climate-related risk, and emerging technologies that affect derivatives and related financial markets.  The CCP Risk and Governance, and Market Structure Subcommittees presented recommendations related to CCP cyber resilience and critical third-party service providers as well as cash futures basis trade.  The Future of Finance Subcommittee, and the Climate-Related Market Risk Subcommittee also provided presentations on workstream updates.  Public comments are due by December 17, 2024.   

Below is a summary of the meeting prepared by Delta Strategy Group.  It includes several high-level takeaways from all four panels, followed by summaries of opening statements and testimonies.  

KEY TAKEAWAYS

The following is a summary of the main topics explored in today’s hearing.  Each is discussed in further detail below.  

• The meeting had four panels. MRAC decided with a majority vote to send three sets of recommendations from the Market Structure Subcommittee, and Central Counterparty Risk and Governance Subcommittee to the full Commission for review.  

• Panel I: The Market Structure Subcommittee discussed Treasury markets, focusing on Treasury cash-futures basis trade and effective risk management practices.   

• Panel II: The CCP Risk and Governance Subcommittee discussed cyber resilience and third-party risk management and another the use of Legal Entity Identifiers (LEIs) at the beneficial account holder level.   

• Panel III: The Future of Finance Subcommittee featured Todd Conklin from the U.S. Department of the Treasury (Treasury) discussing AI’s role in finance.   
• Panel IV: The Climate-Related Market Risk Subcommittee discussed the intersection of climate risk and financial markets. 

OPENING STATEMENTS & REMARKS

Commissioner Kristin Johnson, MRAC Sponsor  

MRAC shapes global derivatives market regulations while addressing cyber threats, focusing on the March 2023 Ion cyber event affecting derivatives clearing markets.  The Committee will present recommendations on risk management practices, particularly regarding the US Treasury cash futures basis trade, and discuss critical issues around cyber threats and third-party service providers. 

Commissioner Christy Goldsmith Romero 

With the U.S. Treasury futures market averaging $750 billion in daily trading volume, the CFTC’s experience with central clearing has enhanced market resilience and transparency, serving as a potential model for broader Treasury markets.  As the CFTC’s Technology Advisory Committee (TAC) sponsor, key focuses include cybersecurity initiatives like the operational resilience proposal and the May report on Responsible AI, which addresses risks and recommends frameworks for AI in financial markets. 

Josh Frost, Assistant Secretary for Financial Markets, U.S. Department of the Treasury 

The SEC’s finalization of rules requiring central clearing of certain Treasury securities and repo transactions aims to reduce systemic risk and improve risk management practices. While the cash futures basis trade supports market functioning under normal conditions, Treasury is actively monitoring its leveraged nature through new data collection from Treasury’s Office of Financial Research on bilateral repo transactions and the SEC’s central clearing mandate to ensure market resilience during stress periods.  Several issues remain to be addressed, including market structure, client access models, accounting, and regulatory capital.  

Panel I: Market Structure Subcommittee 

Perspectives on Treasury Markets 

Speakers:  

Deirdre Dunn, Head of Global Rates, Citigroup; Chair, Treasury Borrowing Advisory Committee (TBAC)  

Scott Rofey, Global Head of Rates, Macro and Commodities Risk, Millenium; Member, TBAC  

Dave Rogal, Managing Director, BlackRock; Member, TBAC  

Market Evolution and Regulatory Response  

The U.S. Treasury market has grown significantly in complexity, prompting Treasury and IAWG to implement key resilience measures including a standing repo facility, Treasury buybacks, and central clearing.  By fall 2023, market attention focused on the “basis trade,” buying cash Treasuries and selling futures while expecting convergence, which relies on primary dealer leverage.  While initial concerns centered on leverage levels, the underlying price discrepancies called for a deeper examination. 

Risk Management Practices  

Risk management practices have evolved in response, exemplified by some firms implementing a two-tiered approach combining simple market growth ratios with risk-based assessments for margin calls and stress scenarios.  Their strategy includes securing over eighty percent of capital in five-year share classes and maintaining direct FICC membership for flexible repo activity. 

Treasury Futures and Market Structure  

Treasury futures serve three primary functions: managing interest rate risk, providing financing for opportunistic investments, and offering an alternative to repo transactions.  The instrument’s advantages include reduced operational burden, term finance benefits, and more favorable interest expense reporting.  Market evolution is evident in the Barclays Aggregate Index, where Treasury weight has increased from 20 percent to 45 percent over two decades. While futures typically employ modest leverage (10 to 20 percent of portfolio), managers accept financing costs like CTD basis and liquidity premiums to pursue higher returns. 

Key Recommendations and Action Items 

• Enhance market resilience through continued implementation of central clearing initiatives 

• Address the gap between market growth and primary dealer balance sheet capacity 

• Develop more sophisticated monitoring of basis trade dynamics beyond simple leverage metrics 

• Strengthen risk management frameworks to account for both simple ratios and stress scenarios 

• Consider standardization of reporting requirements for futures-based financing 

• Maintain focus on liquidity management through institutional relationships and clearing house memberships 

• Monitor the growing influence of Treasury weights in major indices and its impact on portfolio strategies 

Recommendations on the Treasury Markets Cash-Futures Basis Trade and Effective Risk Management 

Speakers:  

Nate Wuerffel, Head of Market Structure, BNY Mellon  

Alessandro Cocco, Senior Policy Advisor, Federal Reserve Bank of Chicago, on detail at the U.S. Treasury  

Tim Cuddihy, Managing Director and Group Chief Risk Officer, Depository Trust and Clearing Corporation (DTCC) 

Jennifer Han, Chief Counsel and Head of Global Regulatory Affairs, Managed Funds Association (MFA) 

David Bowman, Senior Associate Director, Federal Reserve Board (Fed) 

Market Evolution and Treasury Basis Trade Context  

The Treasury market’s evolution has drawn significant attention to the basis trade, particularly following market dysfunction during the pandemic.   Nate Wuerffel said the Treasury market’s vital role in global capital markets means disruptions can have systemic implications.  CFTC data shows traditional asset managers hold long Treasury futures positions that mirror short futures positions held by hedge funds and leveraged investors. 

Risk Management Framework 

Tim Cuddihy, DTCC, emphasized four key areas of risk management: continuous risk assessment using metrics and stress analysis; market risk management, particularly correlation and cheapest-to-deliver risk; liquidity risk evaluation; and counterparty credit risk monitoring.  Market participants must develop contingency plans for unwinding leveraged exposures orderly.  Unique aspects of the basis trade require tailored risk management strategies, including managing the cheapest-to-deliver option. 

Market Structure and Benefits  

The basis trade contributes to market efficiency by allowing participants to take different views on Treasury securities and futures valuations.  This dynamic potentially lowers government funding costs and provides liquidity to Treasury holders.  According to Alessandro Cocco, Chicago Fed, some market participants view futures as simpler and more transparent than repo, though regulatory and accounting considerations often drive this preference. 

Key Recommendations and Action Items 

• Regulators and accounting bodies should review practices that treat Treasury futures differently from repo financing 

• Improve data collection on long futures positions and risk management practices 

• Consider making anonymized, aggregated data available to the public 

• Implement continuous evaluation of basis trade and risk management practices as market structures evolve 

• Enhance infrastructure for Treasury clearing before the 2026 mandatory clearing mandate 

• Develop better metrics for measuring leverage and risk in basis trades 

• Establish consistent treatment between repo and cash Treasuries versus futures when economically equivalent 

• Create robust contingency plans for unwinding leveraged exposures 

Panel II: CCP Risk & Governance Subcommittee 

Part One: Ensuring Cyber Resilience and Preparedness for Third-Party Service Providers 

Perspectives on Cyber Resilience  

Speakers:  

Sanjeev Bhasker, Deputy General Counsel, Office of the National Cyber Director  

Todd Conklin, Chief Artificial Intelligence Officer and Deputy Assistant Secretary of Cyber, Treasury  

Steve Pugh, Chief Information Security Officer, Intercontinental Exchange  

Don Byron, Head of Global Industry Operations and Execution, Futures Industry Association 

Market Evolution and Cyber Threat Landscape  

The Office of the National Cyber Director (ONCD) outlined a comprehensive approach through the National Cybersecurity Strategy, with five pillars and 27 strategic objectives.  A key shift involves moving cybersecurity responsibility from individuals and small businesses to better-equipped organizations.  Treasury coordinates sector-wide risk management through the Financial Services Sector Coordinating Council (FSSCC), with recent focus on cloud security and AI adoption across financial institutions. 

Risk Management and Industry Response  

Following a significant cyberattack in March 2023, the industry established the Industry Resilience Committee (IRC) in December 2023.  The IRC focuses on the “3 Rs”: response, recovery, and reconnection; serving as a trusted forum for stakeholders.  ICE said its approach emphasizes thorough vendor due diligence, ongoing monitoring, and regular reviews, treating vendor risk management as a continuous cycle rather than a one-time process. 

Emerging Technology Challenges  

Treasury has conducted extensive interviews with over fifty financial institutions to understand AI adoption risks and plans.  The financial sector faces particular challenges in fraud prevention, where smaller institutions may struggle to keep pace with AI tools and data requirements.  Additional concerns include risks from blockchain, cryptocurrency, and post-quantum computing, especially regarding encryption vulnerabilities. 

Key Recommendations and Action Items 

• Implement “secure by design” principles in software development 

• Strengthen vendor risk management through continuous monitoring and clear protocols 

• Develop comprehensive incident response plans with regular testing 

• Establish better data sharing mechanisms during multi-day outages 

• Create standardized incident response questionnaires 

• Enhance collaboration between public and private sectors 

• Build robust cyber workforce training programs 

• Address the technology gap between large and small financial institutions 

• Prepare for quantum computing threats to current encryption methods 

Recommendations on Derivatives Clearing Organization System Safeguards Standards for Third-Party Service Providers  

Speakers:  

Alessandro Cocco, Senior Policy Advisor, Federal Reserve Bank of Chicago, on detail at Treasury 

Dr. Dick Berner, Clinical Professor of Management Practice in the Department of Finance and Co-Director of the Stern Volatility and Risk Institute, New York University  

Juan Blackwell, Director, Risk, Head of Credit and Counterparty Risk Management, Ontario Teachers’ Pension Plan  

Current Regulatory Framework and Gaps  

The current regulatory landscape includes various standards such as the National Futures Association’s (NFA) supervisory framework, Fed’s Regulation HH, SEC’s Reg SCI, and the EU’s Digital Operational Resilience Act.  However, CFTC’s Part 39 rule lacks explicit requirements for derivatives clearing organizations (DCOs) to implement third-party relationship management programs, though Rule 3918 establishes DCO responsibility for service provider failures. 

Proposed Recommendations for Enhancement  

The Subcommittee proposed three key improvements:  

1. Establish formal third-party relationship management programs aligned with best practices. 

1. Implement enhanced, risk-based due diligence for critical providers; and 

1. Create clear criteria for identifying critical third parties based on: 

1. Impact on CFTC-regulated activities, 

1. Critical operations, 

1. Legal obligations, 

1. Customer impact, 

1. Cybersecurity risks, and 

1. Concentration risks.  

Key Recommendations and Action Items 

• Align regulations with international standards while maintaining flexibility 

• Require DCOs to establish written supervisory frameworks 

• Implement robust due diligence processes before provider selection 

• Create monitoring systems for ongoing risk assessment 

• Establish clear accountability measures for third-party performance 

• Maintain principles-based regulatory approach while enhancing oversight 

• Develop criteria for identifying and managing critical third-party providers 

Part One Discussion 

Distinguishing Fraud from Cyber Resilience – Jessica Renier, Institute of International Finance 

Renier emphasized the importance of distinguishing between fraud issues and cyber resilience, noting that while fraud often occurs digitally, financial institutions should not be automatically responsible for third-party fraud presented as legitimate.  This distinction is being actively discussed in international forums, including Basel groups. 

Jurisdictional and Data Challenges – Todd Conklin  

Conklin highlighted two fundamental issues: 1) the lack of clear jurisdictional authority over fraud among U.S. government agencies; and 2) and the significant data gap between large and small institutions.  While larger institutions have extensive AI development resources and in-house data, smaller institutions must rely on third-party vendors for fraud modeling due to insufficient data generation.  He emphasized the need to support smaller institutions through third-party vendors, government support, or assistance from larger financial sector firms. 

Report Clarification – Alessandro Cocco 

Cocco clarified that the report originated from the Subcommittee, not the Treasury, and while it does not specifically focus on fraud, it also does not conflate fraud with cybersecurity issues. 

Support for TPRM Framework – Marnie Rosenberg, JP Morgan  

Rosenberg expressed JP Morgan’s support for third-party risk management (TPRM) expectations for DCOs, emphasizing its importance for safeguarding against operational disruptions in an increasingly interconnected financial system.  However, she noted that current recommendations should better reflect FSB’s 2023 TPRM toolkit principles, particularly regarding risk-based approaches for specific arrangements.  She advocated for alignment with international standards and CFTC’s proposed operational resilience guidance. 

Procedural Note – Dr. Dick Berner and Commissioner Johnson  

Berner moved to adopt the Subcommittee’s recommendations, with Commissioner Johnson confirming that amendments improving standards without committee objection would be integrated into the final report, along with any conforming or corrective changes. 

Part Two: Legal Entity Identifiers at the Beneficial Account Holder Level 

Recommendations on Legal Entity Identifiers at the Beneficial Account Holder Level  

Speakers:  

Dr. Dick Berner, Clinical Professor of Management Practice in the Department of Finance and Co-Director of the Stern Volatility and Risk Institute, New York University  

John Bottega, President, EDM Council 

Market Evolution and LEI Background  

The Legal Entity Identifier (LEI) system, launched in 2011 by the U.S. Office of Financial Research, emerged from lessons learned during the 2008 financial crisis. According to Dr. Dick Berner of NYU, the system now includes over 2.8 million entities and provides crucial transparency by assigning unique identifiers to both parent entities and subsidiaries. The Ion cyber incident highlighted operational challenges under current regulations. 

Current Regulatory Framework and Gaps  

While the CFTC mandates LEIs for daily reporting by DCOs, the current rule allows LEIs to be provided “where available,” limiting the ability to identify ultimate beneficial owners. This has created legal uncertainties and operational challenges. The current framework lags global standards, particularly compared to EU requirements for financial reporting transparency. 

Proposed Recommendations and Action Items 

The Subcommittee proposed several key changes: 

1. Mandate LEI use at the beneficial account owner level; 

1. Remove the “where available” language in Part 39; 

1. Require DCOs and FCMs to obtain LEIs from beneficial account owners; 

1. Align U.S. regulations with global standards and data management practices; 

1. Support AI-driven decision-making through consistent data; and 

1. Maintain LEIs for daily reporting by DCOs. 

Part Two Discussion 

Market Access and Implementation Concerns – Marnie Rosenberg, JP Morgan 

Rosenberg acknowledged LEI’s importance while advocating for a roundtable discussion before regulatory implementation.  She highlighted specific concerns about retail clients, farmers, and ranchers facing challenges with LEI costs and administration.  Drawing from swap reporting experience, she recommended clear obligations for legal entity owners and controllers, while maintaining “where available” language until implementation challenges are resolved. 

Industry Support and Adoption Challenges – Alison Crighton, Futures Industry Association (FIA)

Crighton expressed FIA’s support for LEI requirements in futures and options markets, while noting concerns about potential slow adoption without clear legal obligations for account owners or controllers.  She welcomed further implementation discussions based on OTC markets’ experience. 

Procedural Clarification – Jessica Renier, Institute of International Finance, and Commissioner Johnson 

Renier sought clarification on the voting process, particularly regarding the roundtable proposal and the “where available” clause.  Commissioner Johnson confirmed the amendment would advance the roundtable discussion while preserving the option to revisit language based on outcomes.  Renier emphasized the importance of documenting both supportive and dissenting feedback in the final report. 

Balancing Systemic Stability – Alessandro Cocco

Cocco addressed the need to balance systemic stability with FCM operational burdens.  While acknowledging LEI’s importance for data and risk management, he emphasized the complexity of implementation and the need for continued discussion to find reasonable solutions. 

Process and Documentation – Commissioner Johnson 

Johnson clarified that the amendment would modify Part 39.19 to remove “where available” language, with changes documented in footnotes.  She confirmed that all feedback would be included in the final report to ensure transparency in the decision-making process. 

Panel III: Future of Finance Subcommittee Presentation 

Speakers:  

Todd Conklin, Chief Artificial Intelligence Officer and Deputy Assistant Secretary of Cyber, Treasury 

The Evolution of AI in Financial Services 

The financial services sector has established a strong foundation in traditional AI applications, particularly in cybersecurity and fraud prevention.  Currently, institutions widely employ AI tools for endpoint protection, intrusion detection, and data loss prevention (DLP).  While larger institutions rely on in-house AI systems and proprietary data, smaller institutions increasingly turn to third-party AI solutions due to resource constraints.  The sector maintains a cautious approach to Generative AI adoption, primarily limiting its use to back-office tasks like report writing, while following frameworks such as the NIST AI Risk Management Framework for implementation guidance. 

Emerging Threats and Security Challenges 

The integration of AI has intensified the cybersecurity and fraud threat landscape significantly. Threat actors now leverage AI capabilities for sophisticated social engineering attacks, malicious code generation, and disinformation campaigns.  The proliferation of identity impersonation and synthetic ID creation poses new challenges to security systems.  Additionally, AI systems themselves face vulnerabilities including data poisoning, model extraction, and data leakage.  Third-party risks, particularly concerning data security and privacy, have emerged as growing concerns in the ecosystem. 

Ten Key Challenges in AI Implementation 

1. Common AI Lexicon Development: The need for standardized terminology across the industry 

1. Institutional Capability Gap: Growing disparity between large and small institutions’ AI capabilities 

1. Fraud Data Divide: Uneven access to data necessary for effective fraud detection 

1. Regulatory Fragmentation: Inconsistent regulatory approaches across jurisdictions 

1. NIST Framework Expansion: Need to enhance the AI Risk Management Framework 

1. Data Supply Chain Practices: Development of comprehensive best practices for data management 

1. AI Explainability: Improving transparency of black box AI solutions 

1. Human Capital Development: Addressing gaps in AI training and expertise 

1. Digital Identity Solutions: Creating robust systems to combat fraud 

1. International Coordination: Fostering global alignment on AI regulation 

Treasury Initiatives and Future Direction  

In response to these challenges, Treasury has initiated several collaborative workstreams with financial institutions and regulatory bodies.  These efforts focus on creating a standardized AI lexicon, developing enhanced fraud detection practices, and improving AI explainability and cybersecurity frameworks.  The initiatives particularly emphasize supporting smaller institutions in their AI integration journey while maintaining robust risk management practices.  With a target completion date of November 2024, these workstreams aim to establish standardized practices and guidelines that will enable financial institutions to leverage AI capabilities while effectively managing associated risks.  The ultimate goal is to create a secure, transparent, and efficient approach to AI implementation across the financial sector.  

Panel IV: Climate-Related Market Risk Subcommittee Presentation

Speakers:  

Sandra Lee, Deputy Assistant Secretary, Financial Stability Oversight Council, Treasury  

Christopher Odinet, Professor of Law and Mosbacher Research Fellow, Texas A&M University School of Law  

Kim Ratcliff, Chair, U.S. Department of Agriculture Advisory Committee on Minority Farmers; Board Member, Capital Farm Credit Advisory Committee; Treasurer and Board Member, Independent Cattlemen Association 

Climate Risk Assessment and Market Evolution  

The FSOC’s initial report outlined 35 recommendations across four key areas: 1) assessing climate risks to financial stability via scenario analysis and regulatory updates; 2) enhancing climate disclosures for investors and regulators; 3) improving climate-related data for better risk measurement; and 4) building expertise to manage climate risks.  This led to the creation of the Climate-related Financial Risk Committee (CFRC) and its advisory committee.  The CFRC has developed approximately thirty metrics tracking physical and transition risks, including natural disaster projections, energy production costs, and banking sector exposure measurements. 

Emerging Challenges in Insurance and Banking  

Two critical issues have emerged as priorities: 1) insurance affordability and availability concerns are affecting housing markets, though assessment is hampered by data gaps; and 2) the banking sector’s exposure to climate risks remains a key focus, with recent regulatory developments including climate risk management principles and the Federal Reserve’s pilot scenario analysis.   

Carbon Credit Markets and Legal Framework  

The carbon credit market operates in two distinct spheres: regulatory and voluntary.  While regulatory markets have established frameworks, the voluntary market lacks clear legal structure, raising questions about property rights, collateral use, bankruptcy treatment, and transfer rules.  As highlighted by Professor Odinet, Texas A&M, the voluntary market’s growth and intersection with traditional finance necessitates increased regulatory oversight to maintain market integrity. 

Barriers to Market Participation  

Small and minority farmers face significant challenges in participating in carbon offset markets: 

• Limited access to capital for implementing necessary practices 

• Insufficient support from USDA and NRCS programs 

• Technology gaps between small and large operations 

• Standardization challenges for smaller producers 

• Trust and clarity concerns within minority farming communities 

• Limited access to advanced technology required for program participation 

Key Recommendations and Action Items 

• Develop more granular, asset-level data collection for climate risk analysis 

• Strengthen banking sector climate risk management frameworks 

• Create clear legal structures for voluntary carbon markets 

• Improve access to capital and technology for small producers 

• Enhance standardization of carbon offset programs 

• Build trust through transparent program implementation 

• Increase support for minority farmer participation in offset markets 

• Expand interagency coordination on climate risk management