Public Statements & Remarks

Remarks of Commissioner Sharon Y. Bowen before the Commodity Markets Council

“Transitions Present Opportunities”

January 30, 2017

Introduction

Thank you for the kind introduction and good morning everyone. It is a pleasure to be here at the Commodity Markets Council’s “Global State of the Industry” Meeting. The CMC is an important voice for end-users in our energy and agricultural markets, and I welcome any opportunity to engage with these market participants that play such a vital role in our infrastructure and economy. Before I begin, let me note that the views expressed today are my own, and do not necessarily reflect those of the other Commissioners or Commission staff.

Your agenda has a comprehensive and relevant focus on the important issues and perspectives of today – ranging from the agricultural and energy outlook, to Latin American and European focus, to technology and the political and regulatory perspectives. I have been asked to speak about the outlook for the derivatives markets today. It is no secret that we have had a series of surprising and significant events in the last few months – including Brexit and the national election to name a few. And in this period of global and domestic tumult, many are pessimistic about our future as a nation. But I’ve entitled my remarks today, “Transitions Present Opportunities,” because I believe the true test of any leader, and in fact each of you as stewards of our financial markets, is how we build upon the strengths we have today to make the best of the opportunities that are before us. In that vein, there are three areas that present such an opportunity that I would like to focus on in my remarks today: Regulation AT (Reg AT), Position Limits, and Diversity.

Regulation AT

First, let me say a few words about Reg AT, our automated trading rule. Following significant engagement with a variety of stakeholders, from exchanges and proprietary traders to financial reform advocates, we recently issued a supplemental rule proposal where we made several important revisions to our previous proposal on automated trading. Of the many changes, there are two aspects that I particularly want to highlight since I believe they are crucial to a well-functioning trade execution infrastructure.

First, we are revising our registration regime to better focus our attention and regulations on the firms responsible for substantial amounts of automated trading in our markets. Under this proposal, firms that make use of Direct Electronic Access (DEA) to connect to our markets will not automatically have to register. Instead, only those firms which use DEA and also have an average of 20,000 or more trades each day over a six month period will be required to register.1 It only seems appropriate that the firms responsible for a substantial portion of trades in our markets should have heightened regulatory requirements, while less active firms should not. By offering a specific threshold for registration, however, it is critical that we pick the right number. I therefore am looking forward to reading the comments from market participants on whether “20,000 trades per day” is the right level, too high, or too low. Or whether it should it be a percentage of total trades over some relevant time frame.

However, while small firms with small volumes will not be required to register, it is not the case that their trades would go unregulated. In fact, the second major revision of the current proposal would require that all electronic trading, algorithmic as well as non-algorithmic, would have two separate layers of pre-trade risk controls on it. For those trades originating from an AT Person, both the designated contract market (DCM) and the AT Person will be obligated to place pre-trade risk controls on their electronic trades, with the AT Person having the option of delegating this responsibility to the relevant futures commission merchant (FCM). Meanwhile, any electronic trading from entities other than AT persons will also be subject to two levels of pre-trade risk controls: one level set by the DCM and one by the FCM. Given the constant technological innovations and redesigns involving algorithmic trading, I believe having two levels of risk controls provides critical protection against a market malfunction harming investors or our broader economy. I believe that this strikes the appropriate balance between encouraging innovation and competition on one hand, while providing much needed protection to the market from the disastrous effects of market shocks on the other hand.

As I have said before, however, this regulation is merely a first cut. In order to ensure that all market participants, especially end-users, are being given a level-playing field, we need to remain vigilant in assessing the effects of the continued proliferation of algorithmic trading.

Cybersecurity

I want to say a few words about our cybercrime challenge, what is currently being done to address it, and what I hope our recent regulations would add to these efforts. The problem is clear – our firms are facing an unrelenting onslaught of attacks from hackers with a number of motives ranging from petty fraud to international cyberwarfare. We have all heard of notable and sizable companies that have been the victim of cybercrime, including: Sony, eBay, JPMorgan, Target, and Staples -- even the US government has fallen victim.

Given the magnitude of the problem, it is not at all surprising that a lot is already being done to address it. The Department of Homeland Security and others have been working with private firms to shore up defenses. Regulators have certainly been active. The Securities and Exchange Commission (SEC), the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board (FRB), the Federal Housing Finance Agency (FHFA), and our self-regulatory organization, the National Futures Association (NFA), have issued cybersecurity guidance. In Europe, the Bank of England (BOE) introduced the CBEST program to conduct penetration testing on firms, based on the latest data on cybercrime. We heard a presentation from the BOE about CBEST at a meeting of the Market Risk Advisory Committee in June 2015.

I wanted to hear what market participants were doing to address the challenge of our cybersecurity landscape so, in September 2015, I met with several of our large registrant dealers and asked them about their cybersecurity efforts. After these discussions, I was both alarmed by the immensity of the problem and heartened by efforts of these larger participants to meet that problem head on. They were employing best practices such as reviewing the practices of their third party providers, using third parties to audit systems, sharing information with other market participants, integrating cybersecurity risk management into their governance structure, and staying in communication with their regulators.

I think our recent rulemakings are a great first step in accomplishing that balance. There are many aspects of these rules that I like. First, they set up a comprehensive testing regime by: (a) defining the types of cybersecurity testing essential to fulfilling system safeguards testing obligations, including vulnerability testing, penetration testing, controls testing, security incident response plan testing, and enterprise technology risk assessment; (b) requiring internal reporting and review of testing results; and (c) mandating remediation of vulnerabilities and deficiencies. Further, for certain significant entities, based on trading volume, it requires heightened measures such as minimum frequency requirements for conducting certain testing, and specific requirements for the use of independent contractors.

Second, there is a focus on governance – requiring, for instance, that firms’ Board of Directors receive and review all reports setting forth the results of all testing. And third, these rulemakings are largely based on well-regarded, accepted best practices for cybersecurity, including The National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (“NIST Framework”).2 I was also an early proponent of including all registered entities, including SEFs, in this rule, and was glad to find agreement among my fellow Commissioners.

Position limits

Second, I’ll say a few words about position limits - the eternal rulemaking. Now, I know that this issue has been discussed so many times that it’s hard to believe that we are still talking about it so many years after its initial proposal. Yet, the rule remains unfinished as it has just been re-proposed. What is the benefit of re-proposing this rule yet another time? Well, one thing is for certain, now, you, as end-users have an opportunity to have one more opportunity – and hopefully the final opportunity – on the advisability of all aspects of this rule. So please make sure - as I’m confident you will -that your voice is fully heard.

Make no mistake about it: we need position limits. In my time as a Commissioner, I have spoken with farmers, processors, and others involved in producing the food we eat and the plant-based products we use. Many of you are in these fields. As you know, that job is tough. Given the sizeable capital investments needed and their frequently unpredictable incomes, these end-users need access to cost-effective hedging to finance their businesses and protect against anticipated risks. Limits allow us to meet these needs, while maintaining the protections for investors, consumers, and the broader financial system that Congress envisioned.

And please keep in mind that what really lies at the heart of establishing limits is encouraging public confidence in our markets. By many measures, the economy has improved since the 2008 crisis, but questions over the structure and functioning of our markets remain at the heart of our debates about financial reform. Commodity prices today are substantially down from their peaks. But, in time, they will inevitably go up, and questions will again be raised about the role of speculation. We need a position limits rule that rightly encourages public confidence in these markets.

Thus, having position limits is essential. And getting the rule right is crucial. So, I invite you to help us make one last push to get rules finalized that will help prevent the negative impacts of excessive speculation while allowing commercial end-users to manage their risks.

Diversity

And third, I would like to say something about an important issue that is, unfortunately, is often not discussed in these circles – diversity. Promoting diversity has always been an important part of my career and worldview.

Why is diversity important? Think about it: who is buying and driving the demand for commodities? Surely, these consumers are not homogenous. So how can we achieve real growth and economic opportunity without women and minorities at the table? Promoting diversity should not be treated as a nice addition to your substantive work, but as an essential part of it. I know from experience that diversity on corporate boards and within the corporate chain of command is valuable to investors who often believe that diverse companies perform better. According to a key study, “in a like-for-like comparison, companies with at least one woman on the board would have outperformed in terms of share price performance, those with no women on the board.” 3

In order to promote diversity, companies need to get buy-in from all relevant stakeholders for the diversity initiative and foster an environment that lends itself to inclusion. First, diversity is not just an issue for “diverse” members of your staff. Because it impacts the financial success of the organization, it is important for the whole organization. And second, in order to promote diversity, you need to foster an environment that lends itself to inclusion. A work environment where everyone is invited into the conversation, and encouraged to raise their views, even if opposing, produces a healthier dialogue, and a better product.

In sum, diversity is an essential part of the modern American workplace. I have always believed that, and I believe it even more strongly now. I encourage you to establish, or grow, the diversity initiatives at your firms through clear vision, broad-based buy-in and an inclusive environment. Thank you for your attention and I am happy to take any questions.

1 Supplemental Notice of Proposed Rulemaking on Regulation on Automated Trading at 29, 215.

2 See NIST Framework, Subcategory PR.IP-10, at 28, and Category DE.DP, at 31, available at http://www.nist.gov/ cyberframework/upload/cybersecurity-framework-021214.pdf.

3 See Credit Suisse Research Institute, Gender Diversity and Corporate Performance 6 (2012), available at http://www.calstrs.com/sites/main/files/file-attachments/csri_gender_diversity_and_corporate_performance.pdf,

Last Updated: September 14, 2017