Remarks of Enforcement Director Ian McGinley at the New York University School of Law Program on Corporate Compliance and Enforcement: “The Right Touch: Updated Guidance on Penalties, Monitors, and Admissions”
October 17, 2023
Thank you for that introduction, Professor Arlen. It is an honor to make this announcement as part of NYU’s Program on Corporate Compliance and Enforcement, one of the marquee programs in the world on these topics. I’m also delighted to be back at NYU Law School, my alma mater. As a student, I frequently attended the incredible events in Lipton Hall, often sitting in the back row. So, it’s quite a thrill to move from the nosebleeds to the podium.
Since I joined the CFTC as the Director of Enforcement, I’ve had the pleasure of getting to know a group of people whose reputation preceded it. From outside the CFTC, my observation had always been that the Division—under the leadership of numerous former Directors that are here tonight—worked aggressively to protect the public and ensure the integrity of markets.
So I’ve been surprised to hear that some still believe the CFTC to be “friendly” when it comes to enforcement. One of my first goals as Director has been to dispel this myth by building upon the Division’s exceptional record of achievement. At the risk of great understatement, we have done so. This fiscal year alone, we filed 96 enforcement actions and obtained orders imposing over $4.3 billion in monetary relief. This is an incredible return on investment for the U.S. government, given that the CFTC’s entire budget in fiscal year 2023 was $365 million and we have only approximately 170 employees in the Division of Enforcement.
While these numbers are impressive, the quality of the cases is even more impressive. We’ve brought cutting-edge digital asset actions against FTX and its CEO and others,[1] Binance and its CEO and others,[2] Celsius and its CEO,[3] and Voyager’s CEO.[4] We also prevailed in litigation against the Ooki DAO, the first case against a decentralized autonomous organization backed by a “who’s who” amici lineup.[5] The Commission also imposed significant remedial measures on registered swap dealers for swap data reporting and other violations that threatened the integrity of the global swaps markets.[6]
But that’s not all we have done. Over the past few months, you may have noticed some changes in our recent enforcement actions since my arrival.
- In certain matters, particularly involving recidivism, our penalties are increasing.[7]
- We are imposing compliance Monitors and Consultants as part of our settlements.[8]
- And we are requiring admissions in our settlements.[9]
This is not accidental. They reflect deliberate direction I have given to the Division in service of two overarching goals—to ensure accountability and minimize the likelihood of future misconduct.
That’s what I want to talk about today—achieving accountability and minimizing future misconduct. Today, I am announcing several updates to our Division’s enforcement guidance, which will be published in a written advisory. In particular, I am announcing updated guidance in three areas:
- penalties, including the factors we consider in defining recidivism in our regulated space;
- monitors and consultants; and
- admissions.
Through these three updates, we aim to have the right touch when it comes to enforcement. We don’t aim to be friendly or unfriendly when it comes to our markets; we aim to be effective in achieving accountability and minimizing future misconduct.
- Deterring Misconduct Through Appropriate Penalties
I will start with penalties, but before I do, I’ll note that these comments are my own and do not necessarily reflect the views of the CFTC or its Commissioners.
- The Importance of Deterrence
Not to again take everyone back to my law school days—I’m not looking to empty the room!—but there are some age-old concepts about deterrence. We think about both general deterrence—that is, ensuring the threat of punishment is sufficient to make misconduct generally unappealing; and specific deterrence—that is, ensuring that a punishment is sufficient to reduce the risk a particular entity or individual will break the law again. Both have long been centerpieces of the Division’s approach to resolutions.
The challenges here are obvious: If penalties are not sufficiently high, entities may choose to continue to behave unlawfully and consider the fine to be the cost of doing business. Likewise, individuals may view the potential rewards of misconduct as outweighing the potential risks. It is often a cost/benefit analysis.
Our recent swap dealer reporting cases are prime examples. Over a decade ago, following the 2008 financial crisis, Congress addressed a lack of transparency in the $600 trillion global swaps markets, which contributed to that global economic catastrophe. The Dodd-Frank Wall Street Reform and Consumer Protection Act required swap dealers to report data to the CFTC and others. This reporting is essential to promoting transparency, protecting customers, ensuring market integrity, and addressing systemic risks to the global economy. Given the importance of swaps data reporting, it should be no surprise that the Commission has brought a number of swap data reporting cases in this area.
The issue is that the problems are still occurring—and it’s been over 13 years! As some of our recent resolutions reflect, multiple swaps dealers across the industry are continuing to fail to report accurately (or at all) millions of swaps. At the end of the day, the penalties need to exceed the costs of compliance, to avoid the risk of institutions viewing penalties as an acceptable cost of doing business. Higher penalties may also empower compliance professionals to make the business case to senior management for the resources they need.
Consistent with this thinking, in the last month, we announced actions against several swap dealers that have penalties significantly higher than those imposed in prior similar matters. For example, we imposed an $8 million resolution with one swap dealer, a $15 million resolution with another, and a $30 million resolution with a third.[10]
So what today’s Advisory means is that where conduct is occurring repeatedly over time, wrongdoers should expect a reassessment of the penalty size needed to deter the misconduct.
- Defining and Addressing Recidivism
What I have discussed so far implicates general deterrence. But we have also focused on specific deterrence and in particular on the question of recidivism. Recidivism generally refers to repeated violations of law by the same person or institution. And when I arrived at the CFTC, I noticed that over the years, we have brought cases against the same entities time and time again, often for the same or similar violations.
Our existing policies specify recidivism as an aggravating factor that can increase the amount of a penalty imposed.[11] But recidivism is hard to define at times. If someone gets two speeding tickets, they are recidivist speeders. If someone gets one speeding ticket and later shoplifts, is that recidivism? To bring it closer to home, is a swap dealer that has significant reporting violations a recidivist if a year earlier the Commission issued an order for significant recordkeeping violations?
This is a particularly complex question in the regulated space, like the markets that the CFTC regulates. When Deputy Attorney General Lisa Monaco addressed this audience to discuss DOJ’s approach to corporate recidivism, she noted that firms operating in highly regulated industries like ours require different considerations. That’s because we naturally expect these firms to have more touch points with regulators. And not every touch point indicates recidivism.
In today’s Advisory, we give some guidance. When assessing whether an entity is a recidivist, we will consider certain factors:
- The overlapping nature of the prior and current matters. For example, do they involve the same or similar kinds or categories of violations? No two violations are ever exactly alike. Instead, we will look to whether the violations resulted from the same root cause or involved the same general subject matter.
- The time between offenses. More recent conduct is likely to be given more weight in determining whether an entity is a recidivist.
- Whether overlapping management was involved.
- The pervasiveness of the new misconduct. De minimis new misconduct that is quickly identified and remediated is less likely to result in a recidivism finding than pervasive new misconduct that persists over time.
- The robustness and effectiveness of remediation since the entity’s prior resolution. When an entity fails to adequately remediate, this is evidence that the cost/benefit analysis I previously mentioned was not appropriately balanced. On the other hand, if the entity has changed personnel responsible for the previous violation and improved its compliance culture, it is less likely to be considered a recidivist.
As I previously mentioned, penalties need to be high enough to generally incentivize legal compliance and also to ensure that the entity entering into a resolution gets its act together. In the case of recidivism, that critical piece—getting its act together—hasn’t happened. Today, we are announcing that the Division intends to prioritize recidivism as a significant aggravating factor under our existing penalty guidance. This means that recidivists can expect the Division to recommend increased penalties, so that we do not keep seeing the same entities with the same problems.
There is one last note with respect to recidivists. Recidivism will be a significant factor that will influence whether the Division will recommend a corporate compliance Monitor or Consultant. So, what do I mean by Monitors and Consultants?
- Monitors and Consultants—Ensuring Remediation to Reduce Likelihood of Future Misconduct
In our resolutions, we need to have confidence that the unlawful conduct will not be repeated. To minimize recidivism, the Commission frequently imposes requirements related to remediation—that is, fixing the problems. In some cases, before resolving, the entity demonstrates remedial steps it has taken, and the Commission order reflects the entity’s representations about its remediation. In other cases where remedial steps remain to be completed, the entity commits to fixing the issues. But there are occasions when entities violate our laws and the Division lacks confidence that the entity will remediate the misconduct on its own without the assistance and oversight of a third party.
In those cases, we have required the entity to engage a third party, approved by the Division, to oversee and test the sufficiency of the remediation.[12] Just by way of example, in the $30 million resolution with a swap dealer I mentioned earlier, given the pervasiveness and severity of the misconduct and the supervision failures at play, the Commission required a third party to examine and recommend improvements to its compliance policies, procedures, and controls, and to test the sufficiency of the remediation. This was a consequential act. It requires the entity to allow an outside third party to “look under the hood” over a three-year period.
In the case above, we called this third party a “Consultant.” In another case involving a different bank we called it a “Monitor.” Going forward, we are going to clarify the names. A third-party approved by the Division and engaged to make recommendations, test those recommendations, and report on the results of its work will be referred to as a Monitor. As I noted previously, we will seek to impose Monitors when we lack confidence the entity will remediate itself, without Division oversight.
In contrast, a third party engaged by the entity to advise the entity regarding compliance enhancements will be referred to as a Consultant. A Consultant will be appropriate when the Division is persuaded by the evidence that the entity requires the assistance of a neutral third party to advise regarding remediation, but otherwise can remediate its failures.
Our goal with imposing Monitors and Consultants—just as with achieving optimal deterrence through penalties—is to ensure that our resolutions minimize the risk of the misconduct recurring. Entities engaged in significant misconduct or recidivism should expect Monitors and Consultants.
- Admissions—Achieving Accountability and Deterrence
There is one other aspect of settlement discussions that potential respondents should be prepared for—admissions, the civil equivalent of a guilty plea. For many years, the CFTC—and many other agencies—have resolved most matters on a no-admit, no-deny basis. That is, a respondent will consent to the CFTC’s findings of fact and conclusions of law; but it will not admit or deny those findings and conclusions.
There can certainly be good reasons for this approach. For example, an institution may be willing to agree to a resolution that returns all funds to harmed victims and imposes an appropriate penalty, but not to admit to the underlying misconduct, perhaps because of the risk of criminal prosecution.
However, it is not always appropriate or effective to resolve CFTC enforcement actions on a neither admit nor deny basis. Admissions in our resolutions can achieve important goals. The acceptance of responsibility can promote accountability and justice, as well as deter future misconduct. They also can facilitate post-resolution cooperation.
Recent Commission orders already reflect that the Commission is requiring admissions to convey the significance of the misconduct.[13]
Given these considerations, today I am also announcing that the Division will take the following approach to admissions: in negotiations, respondents should no longer assume that no-admit, no-deny resolutions are the default. Rather, in every negotiation, we will discuss whether admissions are appropriate.
There are a number of factors that will weigh in favor of admissions. For example, if a respondent is entering into a parallel criminal resolution and admits certain facts in that resolution, and those facts also form the basis of the CFTC action, the Division will typically expect those facts to be admitted. This is particularly appropriate because such cases often involve egregious conduct and significant harm to investors and markets. Likewise, where evidence uncovered during the investigation conclusively establishes the misconduct—for example, the respondent admitted to the misconduct in testimony—that also weighs in favor of admissions. In addition, strict liability offenses with no intent requirement are prime candidates for admissions, as the conduct either occurred or it didn’t.
But these are not the only considerations. As noted, where there is a realistic risk of criminal exposure uniquely tied to the act of admitting the misconduct, that may weigh against requiring admissions. In addition, where there is a legitimate factual dispute where the Division is persuaded it faces significant litigation risk establishing the fact at trial, that may counsel against admissions as to that disputed fact.
- Concluding Thoughts
To conclude, accountability and minimizing future misconduct are important Commission and Division objectives. The Advisory released today works alongside prior Division advisories, including those describing the importance of self-reporting and cooperation.[14] Given my remarks today, you may wonder why a firm would self-report and cooperate if it could result in higher penalties, a Monitor, and admissions? This is a longer discussion, but the answer is fairly straightforward in my mind. If you self-report, fully cooperate, and remediate, it is likely you will receive a substantial reduction in the penalty that would otherwise be appropriate. It is also less likely the Division will recommend the imposition of a Monitor.
In a Division like ours, approaching resolutions requires consistent calibration to achieve the right balance between incentivizing settlements and deterring misconduct. In my view, the policies we are formalizing today are necessary and important to strike that balance properly.[15] Market participants need to know that there will be significant consequences for misconduct—and that self-reporting and cooperation are ways to mitigate those consequences.
These are first-of-their-kind initiatives for the CFTC. They will require fine-tuning, I’m sure. But we need to structure our resolutions now to achieve improved accountability and deter future misconduct.
The work we do at the CFTC, including the Division of Enforcement, is essential. We work to protect the public from fraud and preserve the integrity of markets. That is, our work is crucial to ensure that commercial end-users, like farmers, ranchers, manufacturers, and investors have confidence that the system is not rigged against them and they can continue to manage business and market risk. The initiatives I have announced today are all to those ends.
We won’t let up in our march toward those goals and applying the right touch along the way.
Thank you.
[1] See Press Release Number 8638-22, CFTC, CFTC Charges Sam Bankman-Fried, FTX Trading and Alameda with Fraud and Material Misrepresentations (Dec. 13, 2022), CFTC Charges Sam Bankman-Fried, FTX Trading and Alameda with Fraud and Material Misrepresentations | CFTC.
[2] See Press Release Number 8680-23, CFTC, CFTC Charges Binance and Its Founder, Changpeng Zhao, with Willful Evasion of Federal Law and Operating an Illegal Digital Asset Derivatives Exchange (Mar. 27, 2023), CFTC Charges Binance and Its Founder, Changpeng Zhao, with Willful Evasion of Federal Law and Operating an Illegal Digital Asset Derivatives Exchange | CFTC.
[3] See Press Release Number 8749-23, CFTC, CFTC Charges Alexander Mashinsky and Celsius Network, LLC with Fraud and Material Misrepresentations in Massive Commodity Pool Scheme Involving Digital Asset Commodities (July 13, 2023), CFTC Charges Alexander Mashinsky and Celsius Network, LLC with Fraud and Material Misrepresentations in Massive Commodity Pool Scheme Involving Digital Asset Commodities | CFTC.
[4] See Press Release Number 8805-23, CFTC, CFTC Charges Former Chief Executive Officer of Digital Asset Platform with Fraud in Massive Commodity Pool Scheme (Oct. 12, 2023), CFTC Charges Former Chief Executive Officer of Digital Asset Platform with Fraud in Massive Commodity Pool Scheme.
[5] See Press Release Number 8715-23, CFTC, Statement of CFTC Division of Enforcement Director Ian McGinley on the Ooki DAO Litigation Victory (June 9, 2023), Statement of CFTC Division of Enforcement Director Ian McGinley on the Ooki DAO Litigation Victory | CFTC.
[6] See Press Release Number 8801-23, CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations (Sept. 29, 2023) (“Swap Dealer Resolutions”), CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations.
[7] See generally, e.g., Testimony of Chairman Rostin Behnam Before the U.S. Senate Committee on Agriculture, Nutrition, & Forestry (March 8, 2023), Testimony of Chairman Rostin Behnam Before the U.S. Senate Committee on Agriculture, Nutrition, & Forestry (“I believe it is important for this Committee to evaluate current law to ensure penalties are appropriately calibrated to both penalize bad actors and deter fraud and manipulation in commodity derivatives markets.”).
[8] See, e.g., In re Goldman Sachs & Co. LLC, CFTC No. 23-59 (Sept. 29, 2023), available at CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations.
[9] See, e.g., In re: JP Morgan Chase Bank, N.A., CFTC No. 23-61 (Sept. 29, 2023), and In re: Bank of America, N.A. and Merrill Lynch International, CFTC No. 23-58 (Sept. 29, 2023), available at CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations.
[10] See Press Release Number 8801-23, supra n.6.
[11] See Enforcement Manual, CFTC Division of Enforcement, at 31, available at https://www.cftc.gov/media/1966; Enforcement Advisory: Cooperation Factors in Enforcement Division Sanction Recommendations for Companies (“Cooperation Factors for Companies”) and Enforcement Advisory: Cooperation Factors in Enforcement Division Sanction Recommendations for Individuals (“Cooperation Factors for Individuals”), available at https://www.cftc.gov/About/CFTCOrganization/SelfReportingCooperationandRemediation.
[12] See, e.g., In re Goldman Sachs & Co. LLC, CFTC No. 23-59 (Sept. 29, 2023), available at CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations; In re The Bank of Nova Scotia, CFTC No. 20-26 (Aug. 19, 2020), available at CFTC Orders The Bank of Nova Scotia to Pay $127.4 Million for Spoofing, False Statements, Compliance and Supervision Violations.
[13] See, e.g., In re: JP Morgan Chase Bank, N.A., CFTC No. 23-61 (Sept. 29, 2023), and In re: Bank of America, N.A. and Merrill Lynch International, CFTC No. 23-58 (Sept. 29, 2023), available at CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures and Other Violations; CFTC Orders Four Financial Institutions to Pay Total of $260 Million for Recordkeeping and Supervision Failures for Widespread Use of Unapproved Communication Methods (Aug. 8, 2023), available at CFTC Orders Four Financial Institutions to Pay Total of $260 Million for Recordkeeping and Supervision Failures for Widespread Use of Unapproved Communication Methods.
[14] See Self-Reporting, Cooperation, and Remediation, available at https://www.cftc.gov/About/CFTCOrganization/SelfReportingCooperationandRemediation (listing advisories and guidance); Enforcement Manual, supra n.11.
[15] See generally, e.g., Keynote of Chairman Rostin Behnam at the FIA Boca 2022 International Futures Industry Conference, Boca Raton, Florida (March 16, 2022), Keynote of Chairman Rostin Behnam at the FIA Boca 2022 International Futures Industry Conference, Boca Raton, Florida (“Inasmuch as the goal of enforcement is deterrence, the focus of our actions should not be solely motivated towards resolution. Rather, the focus should be to reduce the likelihood of misconduct by holding the right individuals accountable, clearly articulating findings and expectations through our speaking orders, and ensuring that penalties reflect the gravity of the harm to our markets and the public we protect.”).
-CFTC-