RPM Financial Markets Group

Press Releases: Update 05/04/16 • Annual Risk Reviews 1.11(f) and 23.600(e)

RPM Annual Risk Review Meets FCM and SD Requirements

FCMs and SDs to ensure Annual Risk Management Program Reviews analyze adherence, effectiveness, and provide necessary recommendations

CFTC Staff Advisory No. 16-24  |  CFTC Regulations §1.11 and §23.600


Chicago, IL – May 4, 2016 – RPM Financial Markets Group LLC (RPM), a leader in developing compliance and enterprise risk management programs (RMPs) for futures industry participants, is reminding futures commission merchants (FCMs) and swap dealers (SDs) the process of scheduling the annual, independent risk reviews mandated by Commodity Futures Trading Commission (CFTC) Regulations 1.11(f) and 23.600(e), respectively, should be well underway. 

Earlier this year the CFTC provided guidance to FCMs (much of which is applicable to SDs as well) that addressed the implementation of certain provisions of Regulation 1.11. While the CFTC emphasized the advisory is not mandatory, FCMs (and SDs) should note certain guidance related to the annual risk review is not optional. 

CFTC Staff Advisory No. 16-24 states the FCM itself is ultimately responsible for ensuring the review includes a proper analysis of the FCM's adherence to its RMP and the RMP’s effectiveness, regardless of whether an internal auditor or an independent third-party performs the RMP annual review. The review should also provide any necessary recommendations for modifications or improvements to the RMP.  The CFTC expects FCMs will perform sufficient due diligence to ensure their internal auditors or third-party reviewers are qualified to assess if the RMP is effectively managing risk by holding the FCM accountable for the quality of the risk review.  The annual 1.11(f) review is not merely a compliance review. The review must provide an analysis of how the FCM manages risk.

RPM has extensive experience managing FCM operations, and developing and implementing risk management programs for FCMs and SDs. RPM has applied this experience performing the required reviews for numerous FCMs and SDs since the regulation took effect. For those firms that satisfy the review requirement using internal auditors on staff, RPM has experience with supplementing internal audit departments with derivatives industry subject matter experts.  Contact RPM for more information about what is new for the 2015-16 1.11(f) review, and what FCMs and SDs should be doing to prepare for an efficient review of their RMP.

"RPM has developed, implemented, and analyzed numerous FCM and SD Risk Management Programs. Our expertise and experience allow us to propose and "right size" recommendations that focus on managing mission-critical risks, streamlining compliance, improving transparency or increasing controls" said Tom Bakas, Managing Partner of RPM. “When we work with our FCM or SD clients we use our proven assessment process to surface issues and provide recommendations for remedying such issues, and we can also assist in implementing approved solutions."

RPM operates a derivatives industry consulting practice run and staffed by practitioners with extensive hands-on experience in the operation and management of a variety of CFTC registrants and NFA Members, including futures commission merchants, swap dealers, exchanges, clearinghouses, retail foreign exchange dealers, introducing brokers, commodity trading advisors and commodity pool operators. RPM's extensive operational expertise and regulatory knowledge make it uniquely qualified to advise futures industry participants in developing and refining their operations to meet the evolving requirements of the current regulatory reality.  

For more information contact Tom Bakas at +1 312 604 6230 or visit www.rpmmarkets.com.

###

RPM Announces Cybersecurity Risk Management Framework

Customized Cybersecurity Policy & Procedures for NFA Members FCM, SD, RFED, IB, CTA, and CPO

NFA Interpretative Notice 9070 | ISSP | Cybersecurity | CFTC Regulations §1.11 and §23.600

Chicago, IL—December 22, 2015—RPM Financial Markets Group LLC (RPM), a leader in developing compliance and enterprise risk management programs for futures industry participants, is offering a customizable Cybersecurity Risk Management Framework (Cybersecurity Framework) to all NFA Members.  The Framework applies to all futures commission merchants (FCMs), swap dealers (SDs), retail foreign exchange dealers (RFEDs), introducing brokers (IBs), commodity trading advisors (CTAs), and commodity pool operators (CPOs).

NFA’s Interpretative Notice 9070 requires all Members to implement and maintain a written information systems security program (ISSP).  The Notice, which takes effect on March 1, 2016, is intentionally general to allow NFA Members to design and implement practices that are appropriate for their circumstances. 

RPM’s Cybersecurity Framework addresses the broad and complex needs of FCMs and SDs, while also scaling to fit the more specific needs of other Members.  The Framework incorporates the guidance contained in NFA’s Interpretive Notice 9070, as well as best practices and standards referenced by NFA within the Notice.  RPM’s Cybersecurity Framework is readily customizable and scalable, providing each Member with access to a program that addresses their unique cybersecurity risk profile.  The modular design allows any Member to develop the underlying policies and procedures required to implement an effective ISSP.   

RPM is applying its extensive enterprise risk management experience to help NFA Members comply with CFTC and NFA requirements in a manner that integrates effectively with each Member’s existing operations.  Futures industry registrants can now leverage RPM’s thought leadership and practical experience to develop effective ISSPs and thereby enhance their existing Risk Management Programs.

“RPM’s Cybersecurity Framework is a practical and effective compilation of cybersecurity best practices with a unique focus on the regulatory environment in which our clients operate,” said Tom Bakas, Managing Partner of RPM.  “The Framework is first and foremost focused on NFA Members’ cybersecurity needs while also providing Members with the integrated approach needed to demonstrate compliance with all the guidance provided in Interpretative Notice 9070.”

“The ability to demonstrate the ‘hows’ and ‘whys’ of your approach to cybersecurity risk management is a critical aspect of regulatory compliance,” said Charles McElhenie, RPM Principal.  “Governance and recordkeeping are fundamental regulatory requirements.  NFA Members who take a proactive approach to cyber risk management, and maintain records to demonstrate appropriate oversight and execution of those activities, are well positioned from both a business management and regulatory compliance perspective.  RPM’s Cybersecurity Framework provides the tools required to effectively address all these requirements.”

About RPM Financial Markets, LLC

RPM operates a futures industry consulting practice that is run and staffed by practitioners with extensive hands-on experience in the operation and management of a variety of CFTC registrants and NFA Members, including exchanges, clearinghouses, futures commission merchants (FCMs), swap dealers (SDs), retail foreign exchange dealers (RFEDs), introducing brokers (IBs), commodity trading advisors (CTAs) and commodity pool operators (CPOs).  The firm has had significant involvement developing organizations and programs designed to comply with the futures industry regulatory requirements that have emerged from the Dodd-Frank Act.  RPM’s extensive operational expertise and regulatory knowledge make it uniquely qualified to advise futures industry participants in developing and refining their operations to meet the evolving requirements of the new regulatory environment.

For more information please contact Tom Bakas at +1 312 604 6230 or visit www.rpmmarkets.com  

 

####

RPM Expands Independent Review Service for Risk Management Programs with Cybersecurity Emphasis

Designed to Meet the Requirements of CFTC Regulation §1.11 & Cybersecurity


Chicago, IL—December 17, 2015—RPM Financial Markets Group LLC (RPM), a leader in developing compliance and enterprise risk management programs for futures industry participants, is now offering a Cybersecurity Risk Management Review Service to Futures Commission Merchants (FCMs).  The review service combines the requirements of CFTC Regulation 1.11(f) with National Futures Association’s requirement for members to have their cybersecurity programs (formally referred to as an Information Systems Security Program or ISSP) reviewed annually.  Cybersecurity Risk Management Reviews can be performed separately or combined with RPM’s 1.11(f) Risk Management Program Reviews.

Under NFA’s new Interpretative Notice which takes effect on March 1, 2016, FCMs are required to implement and maintain a written ISSP.  NFA also requires Members to monitor and regularly review the effectiveness of their ISSPs.  In particular, Members should perform a regular review of their ISSP at least once every twelve months.

RPM is applying its extensive experience performing risk management program reviews and customizing enterprise risk management and cybersecurity frameworks to help FCMs comply with CFTC and NFA requirements.  RPM employs futures industry practitioners and technologists to provide the structure and content required by the guidance in a manner that integrates effectively with the enterprise risk management of an FCM.  The FCM community can now leverage RPM’s thought leadership and practical experience to validate and enhance their ISSP and Risk Management Programs.

“The CFTC’s broad mandate of the Enhanced Customer Protection Rules that required FCMs to improve the governance and accountability around their Enterprise Risk Management programs continues to increase its focus – this time on Cybersecurity Risk Management” said Tom Bakas, Managing Partner of RPM.  “RPM is excited to again expand its risk, compliance, and operational service offerings for derivatives registrants to include Cybersecurity Frameworks and Independent Cybersecurity Risk Management Reviews.”



About RPM Financial Markets, LLC

RPM operates a futures industry consulting practice that is run and staffed by practitioners with extensive hands-on experience in the operation and management of a variety of CFTC registrants, including exchanges, clearinghouses, futures commission merchants (FCMs), swap dealers (SDs), introducing brokers (IBs), commodity trading advisors (CTAs) and commodity pool operators (CPOs).  The firm has had significant involvement developing organizations and programs designed to comply with the futures industry regulatory requirements that have emerged from the Dodd-Frank Act.  RPM’s operational expertise and regulatory knowledge make it uniquely qualified to advise futures industry participants in developing and refining their operations to meet the evolving requirements of the new regulatory environment.

For more information please contact Tom Bakas at +1 312 604 6230 or visit www.rpmmarkets.com


####

RPM Launches Independent Review Service for Risk Management Programs

Satisfies Requirements of CFTC Regulation 1.11

Chicago, IL—November 4, 2014—RPM Financial Markets Group LLC (RPM), a leader in developing compliance and enterprise risk management programs for futures industry participants, is now offering a Risk Management Program review service to Futures Commission Merchants (FCMs).  The review service focuses on the requirements of CFTC Regulation 1.11(f) for conducting annual reviews and testing of FCM Risk Management Programs.

Under the CFTC’s new Enhanced Customer Protection Rules which took effect in July 2014, FCMs are required to implement and maintain a Risk Management Program that satisfies the detailed requirements of CFTC Regulation 1.11.  The regulations also require FCMs to analyze and report on their adherence to and the effectiveness of their Risk Management Program and consider recommendations for modifications to the Program on at least an annual basis. Such analysis and recommendations must be conducted and provided by a qualified party that is independent of the business unit of the FCM.

RPM is applying its extensive experience assessing FCM regulatory compliance and assisting FCMs in developing customized enterprise risk management and compliance programs to help FCMs comply with the requirements of CFTC Regulation 1.11.  RPM employs futures industry practitioners to provide the structure and content required by the regulation in a manner that integrates effectively with the overall operations of an FCM.  The FCM community can now leverage RPM’s thought leadership and practical experience to validate and enhance their Risk Management Programs cost-effectively.

“The CFTC has put forth their Enhanced Customer Protection Rules to promote financial stability within the listed derivatives industry by requiring more rigorous accountability from FCMs,” said Tom Bakas, Managing Partner of RPM.  “RPM is uniquely qualified to help FCMs fulfill their regulatory obligations and gain firm-appropriate recommendations regarding the effectiveness of and potential improvements to their Risk Management Programs.”

RPM Financial Markets, LLC

RPM operates a futures industry consulting practice that is run and staffed by practitioners with extensive hands-on experience in the operation and management of a variety of CFTC registrants, including exchanges, clearinghouses, futures commission merchants (FCMs), retail foreign exchange dealers (RFEDs), introducing brokers (IBs), and commodity trading advisors (CTAs).  The firm has had significant involvement developing organizations and programs designed to comply with the regulatory requirements that have emerged from Dodd-Frank.  RPM’s operational expertise and regulatory knowledge make it uniquely qualified to advise futures industry participants in developing and refining their operations to meet the evolving requirements of the new regulatory environment.

For more information please contact Tom Bakas at +1 312 604 6230 or visit www.rpmmarkets.com

####