CFTC Staff Issues Advisory on the Use of Artificial Intelligence

Keep up with the latest legal and industry insights, news, and events from MoFo

On December 5, 2024, the U.S. Commodity Futures Trading Commission’s (“CFTC”) Divisions of Clearing and Risk, Data, Market Oversight, and Market Participants (together, the “Divisions”) issued a staff advisory (the “Advisory”) on the use of artificial intelligence (“AI”) by various CFTC-regulated entities. The staff of the Divisions (the “Staff”) noted that AI may eventually touch upon all or nearly all aspects of the lifecycle of a derivatives trade. The release of this Advisory follows the CFTC’s request for public comment on the use of AI in CFTC-regulated markets that was issued earlier this year.

The Advisory

The Advisory is not a compliance checklist or substitute for appropriate risk assessments or governance by a CFTC-regulated entity, but rather sets forth a non-exhaustive list of AI use cases and corresponding existing obligations under the Commodity Exchange Act and CFTC regulations that may be potentially implicated in the use of AI by CFTC-regulated entities. This should aid in the creation of reasonably designed policies and procedures to address the myriad of possible AI use cases and attendant risk. The Staff noted that CFTC-regulated entities are required to comply with their regulatory obligations irrespective of whether or not they deploy AI (or any other technology) directly or through a third-party service provider, and are expected to undertake regulatory compliance reviews as well as update policies, procedures, controls, and systems to take into account their use of AI.

The Staff identified the following AI use cases and associated regulatory obligations.

CFTC-Regulated Entity	Identified AI Use Cases	Identified Regulatory Considerations
	Order Processing and Trade Matching
Derivatives Contract Markets (“DCMs”) Swap Execution Facilities (“SEFs”) Swap Data Repositories (“SDRs”)	AI may be utilized in the order processing and trade matching functions, particularly as it relates to the preparation of message data at the time of execution. For example, AI may be used to anticipate trades before they happen, allowing for greater efficiency in the allocation of resources.	Regardless of how DCMs deploy AI, they must continue to provide competitive, open, and efficient markets and mechanisms for executing transactions that protect the price discovery process of trading in the centralized market of the DCM.[1]
	Market Surveillance
	AI may be used to identify instances of abusive trading practices and to improve detection and flagging of specific trade execution patterns and trade anomalies.	DCMs and SEFs have a responsibility to maintain compliance staff and resources sufficient to conduct effective audit trail reviews, trade practice surveillance, market surveillance, and real-time market monitoring.[2]
	System Safeguards
	DCMs, SEFs, and SDRs should continue to maintain appropriate controls systems related to risk, analysis, and oversight.	DCMs, SEFs, and SDRs are expected to follow generally accepted standards and best practices with respect to the development, operation, reliability, security, and capacity of an AI system. DCMs, SEFs, and SDRs have a responsibility to give the Staff timely advance notice of all material planned changes to automated systems that may impact the reliability, security, or adequate scalable capacity of such systems.[3]
Derivatives Clearing Organizations (“DCOs”)	System Safeguards
	AI may be used to support the detection and/or response to cyber intrusions, in addition to identifying cyber vulnerabilities and hardening defenses, or as a tool to evaluate and/or update legacy and new computer code. DCOs may benefit from considering how the introduction of AI could impact, positively or negatively, the functionality, reliability, and resilience of computer systems relied upon by DCOs to accomplish the DCOs’ core functions.	DCOs must give the Staff prompt advance notice of all material planned changes to automated systems that may impact the reliability, security, or capacity of automated systems and all materials changes to the DCO’s program of risk analysis and oversight.[4]
	Member Assessment and Interaction
	A DCO might use AI to review its clearing members’ compliance with DCO rules and to support communication with its clearing members (e.g., through the use of chatbots).	DCOs must continue to ensure that they comply with clearing member eligibility requirements and monitor their credit exposure to their clearing members.[5]
	Settlement
	AI may be used to support DCO settlement, including facilitating netting or offset of positions.	DCOs must continue to ensure timely completion of settlement, exposure limitations to settlement bank risk, and the ability to permit netting or offset arrangements.[6]
Futures Commission Merchants (“FCMs”) Swap Dealers (“SD”) Commodity Pool Operators (“CPO”) Commodity Trading Advisors (“CTAs”) Introducing Brokers (“IBs”) Retail Foreign Exchange Dealers (“RFEDs”) Associated Persons	Risk Assessment and Risk Management
	AI may be utilized for the calculation and collection of initial and variation margin for uncleared swaps.	An SD that uses AI to assist in the collection of initial margin, for example, would still be required to confirm the adequate performance of such a system to ensure that risk is properly managed consistent with CFTC regulations.[7]
	Compliance and Recordkeeping
	AI may support activities that bear on customer protection, including, for example, the accuracy and timeliness of financial information and risk disclosures that are provided to customers, the CFTC, and the National Futures Association by these CFTC-regulated entities.	These CFTC-regulated entities remain responsible for ensuring that such disclosures are compliant with the applicable statutory and regulatory requirements. For example, a CPO using generative AI to update a disclosure document or prepare periodic account statements for a commodity pool would still be subject to all the requirements of Part 4 of the CFTC regulations.[8]
	Customer Protection
	FCMs may use AI to account for segregated funds.	The Advisory emphasizes that a substantial portion of CFTC regulations relate to customer protection and that these CFTC-regulated entities remain responsible for ensuring compliance with these regulations. For example, FCMs will still be required to ensure compliance with requirements for holding their customers’ money, securities, and property under the Commodity Exchange Act and CFTC regulations.[9]

Commissioner Statements

CFTC Chairman Rostin Behnam issued a statement accompanying the Advisory, stating that the Advisory is emblematic of the CFTC’s technology-neutral approach and complements the internal transformation underway at the CFTC to build a forward-looking AI culture. Chairman Behnam also emphasized that the Staff intends to monitor for any risks from AI that may merit policy or regulatory consideration.

CFTC Commissioner Kristin N. Johnson also issued a statement, stating that while she supports the CFTC’s efforts to advance inquiries regarding the integration of AI into its markets, she believes there are tangible steps that the CFTC can take immediately to enhance the safety and benefits of incorporating AI in markets, while minimizing the risks. Commissioner Johnson also advocated for enhanced supervision and enforcement resources (including the creation of an AI fraud task force), enhanced information gathering on the use and adoption of AI technologies by market participants, and heightened civil monetary penalties to deter fraudulent actors.

Conclusion

The Advisory reflects the Staff’s understanding of the current and potential AI use cases in the derivatives markets. Importantly, while the Staff indicated a number of areas where AI technology may be deployed, they stressed that the use of AI does not obfuscate a CFTC-regulated entity’s obligations to comply with its regulatory requirements. Importantly, the Advisory stated that the Staff may incorporate AI as a topic of discussion in their routine oversight activities, including examinations.

As AI technology advances, the Staff noted that they will continue to monitor its potential benefits and risks, and may reevaluate the Advisory, develop future Staff guidance, and/or recommend that the CFTC propose new regulations.

[1] Core Principle 9 (Execution of Transactions) for DCMs.

[2] Core Principle 2 (Compliance with Rules), Core Principle 4 (Prevention of Market Disruption), and Core Principle 12 (Protection of Markets and Market Participants) for DCMs; Core Principle 2 (Compliance with Rules), Core Principle 3 (Swaps Not Readily Susceptible to Manipulation), and Core Principle 4 (Monitoring of Trading and Trade Processing) for SEFs.

[3] Core Principle 20 (Systems Safeguards) for DCMs, Core Principle 14 (Systems Safeguards) for SEFs, and 17 CFR 49.24.

[4] Core Principle I (System Safeguards), Core Principle B (Financial Resources), Core Principle D (Risk Management), and 17 CFR 39.18(d)(2).

[5] Core Principle C (Participant and Product Eligibility) and Core Principle D (Risk Management).

[6] Core Principle E (Settlement Procedures).

[7] 17 CFR 23.152.

[8] 17 CFR Part 4.

[9] 7 USC 6d(a)(2), 17 CFR 1.20, and 17 CFR Part 1.

Rhys Bortignon
Partner
Val Dahiya
Partner
Kelley A. Howes
Co-chair of Investment Management Group
Stephanie Lynn Sharron
Partner
Sarah Y. Hanni
Associate

Practices

Capital Markets

Industries + Issues

Artificial Intelligence (AI)