CFTC Issues Advisory Related to Use of Artificial Intelligence

Key Takeaways

• On December 5, 2024, the U.S. Commodity Futures Trading Commission (CFTC) issued a staff advisory on the use of artificial intelligence (AI) in CFTC-regulated markets by registered entities and registrants (the Advisory).
• The Advisory sets forth certain requirements under the Commodity Exchange Act (CEA) and CFTC regulations that could be implicated by current and potential AI uses and risks, including requirements related to order processing and trade matching, market surveillance, system safeguards, member assessment and interaction, settlement, risk assessment and risk management, compliance and recordkeeping, and customer protection.
• Although the CFTC has undertaken – and continues to undertake – a thorough analysis of the risks and impact of AI on financial markets (including whether regulation is warranted), the Advisory does not create any new or amended rules or regulations. Instead, the Advisory “reminds” CFTC-regulated entities of their existing obligations under the CEA and CFTC regulations.

CFTC’s Advisory Requirements Implicated by AI

In issuing the Advisory, the CFTC recognizes the potential for AI to transform the U.S. financial markets. However, given how far-reaching AI’s impact may be, the CFTC simultaneously cautions CFTC-regulated entities to be mindful of existing obligations under the CEA and CFTC regulations. In support, the Advisory sets forth certain requirements under applicable laws and regulations that could be impacted by AI use and risk, with the expectation that regulated entities will assess risks associated with AI and update policies and procedures accordingly, including adherence to applicable CFTC statutory and regulatory requirements regardless of whether the entity deploys AI directly or through a third-party service provider.

While these requirements are not exhaustive, they reflect the CFTC Staff’s understanding of the current and potential AI uses in the derivatives markets, informed by, among other things, responses to the Staff’s January 25, 2024 request for comment; engagement with market participants and financial regulators; ongoing analysis undertaken by the CFTC Chairman’s AI Task Force; and guidance issued by the Biden Administration.

Designated Contract Markets (DCMs), Swap Execution Facilities (SEFs), and Swap Data Repositories (SDRs)

Requirements include, but are not limited to:

• Order Processing and Trade Matching – DCMs, SEFs and SDRs may use AI to process orders or match trades, including as AI relates to the preparation of message data at the time of execution (e.g., a DCM may use AI to anticipate trades to allocate system resources and reduce post-trade message latencies). The Advisory specifically notes that DCMs must continue to provide competitive, open, and efficient markets and mechanisms for executing transactions that protect the price discovery process of trading in the centralized market of the DCM, irrespective of their use of AI, consistent with DCM Core Principle 9, which governs the execution of transactions.

• Market Surveillance – DCMs, SEFs and SDRs may use AI to detect abusive trading practices, investigate rule violations, and monitor markets in real time. The Advisory reminds DCMs and SEFs of their responsibility to maintain compliance staff and resources sufficient to conduct effective audit trail reviews, trade practice surveillance, market surveillance, and real-time marketing monitoring consistent with DCM Core Principles 2, 4 and 12; and SEF Core Principles 2, 3 and 4.

• System Safeguards – AI may be developed by some DCMs, SEFs and SDRs internally, while others may procure AI-based products and services from third parties. In either instance, the Advisory reminds DCMs, SEFs and SDRs to follow generally accepted standards and best practices with respect to the development, operation, reliability, security and capacity of the AI system, including maintaining appropriate controls consistent with DCM Core Principle 20, SEF Core Principle 14 and § 49.24 for SDRs.

Derivatives Clearing Organizations (DCOs)

While DCOs that employ AI must continue to comply with regulatory requirements, the CFTC recognizes that some DCOs may develop their own AI solutions internally, while others will procure such products and services from third parties. In both instances, DCOs must follow industry best practices concerning the development, operation and security of those systems using AI. That said, the use of AI may also implicate the following scenarios:

• Member Assessment and Interaction – DCOs may use AI in connection with the review of its clearing members’ compliance with DCO rules and to support communications with its members. The Advisory notes that AI chatbots may have access to external or internal datasets that may be comprised of member information. The Advisory reminds DCOs that Core Principle C (concerning participant admission and continuing eligibility) and Core Principle D (concerning monitoring credit exposure) continue to apply.

• Settlement – DCOs may use AI for settlement, including to facilitate netting or offset of positions as AI works to validate data, mine data anomalies prior to settlement, or identify failed trades. The Advisory reminds DCOs that Core Principle E (concerning the timely completion of settlement, the limitation of exposure of the DCO to settlement bank risks, and the ability to permit netting or offset arrangements) continues to apply.

• System Safeguards – DCOs may use AI to support the detection of and/or response to cyber intrusions and identification of cyber vulnerabilities and hardening defenses. The Advisory reminds DCOs that Core Principle B (concerning the collateral that will be used to meet the financial resource requirements), Core Principle D (concerning risk management activities), and Core Principle I (concerning system safeguards and operational risk) continue to apply in the event that DCOs use AI. These core principles and their related regulations apply even if a DCO relies on a third-party service provider for the provision of the AI. The CFTC also reminds DCOs of their obligation to provide CFTC Staff with advance notice of all material planned changes to automated systems that could impact the reliability, security or capacity of those automated systems, and all changes to the DCO’s program of risk analysis and oversight.

Futures Commission Merchants (FCMs), Swap Dealers (SDs), Commodity Pool Operators (CPOs), Commodity Trading Advisors (CTAs), Introducing Brokers (IBs), Retail Foreign Exchange Dealers (RFEDs), and Associated Persons (APs).

CFTC Staff has identified the following examples of where AI may be used:

• Risk Assessment and Risk Management – CFTC Staff expects FCMs, SDs, CPOs, CTAs, IBs, RFEDs and APs may use AI for the calculation and collection of initial and variation margin for unclear swaps. Even when using AI, these categories of registrants are still required to confirm the adequate performance of their systems to ensure that risk is properly managed consistent with CFTC regulations.

• Compliance and Recordkeeping – CFTC Staff monitors these categories of registrants for compliance with CFTC regulations, including with respect to recordkeeping and disclosure. Accordingly, the Staff recognizes that they may use AI, specifically generative AI, to support the accuracy and timeliness of financial information and risk disclosures provided to the CFTC pursuant to recordkeeping, disclosure, and financial reporting obligations. The Advisory reminds these registrants that they remain responsible for ensuring that such information and disclosures are compliant with applicable statutory and regulatory requirements.

• Customer Protection – The Advisory notes that a significant portion of CFTC regulations are related to consumer protection and will still apply if FCMs use AI, including to account for segregated funds.

Recent CFTC AI-Related Initiatives

Generally, the Advisory is not wholly surprising given the CFTC’s focus on emerging technologies and their impacts on regulated markets. Concerning AI specifically, the CFTC has taken several actions over the past year aimed at helping the Commission and market participants assess the risks of AI and ensuring its responsible use in CFTC-regulated markets. For example, on January 25, 2024, the CFTC issued a request for public comment on the use of AI in CFTC-regulated markets, seeking input on the risks of AI, the definition of AI, and the potential applications of AI, including risk management, trading, compliance, recordkeeping, data processing and analytics, customer interactions, and cybersecurity.

On May 1, 2024, the CFTC announced the designation of Dr. Ted Kaouk as the agency’s first Chief AI Officer. On May 2, 2024, the CFTC’s Technology Advisory Committee (TAC) released a Report on Responsible AI in Financial Markets with five main recommendations to the CFTC, including a recommendation to evaluate existing regulations related to AI. Shortly after, on May 6, 2024, CFTC Commissioner Kristin Johnson announced the CFTC’s agenda for assessing risks associated with the integration of AI in financial markets, which included a “principles-based regulatory framework” that in part focuses on considering existing regulations and whether certain key AI-related risks are addressed by those existing risk-management requirements.

Finally, on December 5, 2024, in accordance with the TAC’s recommendation and Commissioner Johnson’s agenda, the CFTC Divisions of Clearing and Risk, Data, Market Oversight, and Market Participants (Divisions) issued a staff advisory that “reminds” CFTC-regulated entities of their existing obligations under the CEA and CFTC’s regulations. The Staff of the Divisions emphasizes that the Advisory is not a checklist for compliance but rather a non-exhaustive list of existing statutory and regulatory requirements that may be implicated by CFTC-regulated entities’ use of AI.

What Lies Ahead

The CFTC expects that CFTC-regulated entities will use the Advisory to assess the risks of using AI and update policies, procedures, controls and systems according to applicable CFTC statutory and regulatory requirements. The Advisory encourages regulated entities to engage with the Staff when considering changes to risks that may arise with deployment of AI use cases and notes that the Staff may incorporate AI discussions in routine oversight activities. The Staff also noted it will continue to evaluate the need for future regulation, guidance and further action.

President-elect Trump recently announced a “White House A.I. & Crypto Czar,” which is demonstrative of the incoming administration’s commitment to ensuring that the U.S. is a global leader in AI; this announcement is seen as a demonstration of the President-elect’s industry- friendly approach. That said, the change in administration will see a change in CFTC leadership. The next Chair of the CFTC is unknown at the time of this writing, but we should expect that technology will be high on the priority list for the incoming Chair, with further attention given to AI, the potential for clarity around treatment and jurisdiction of digital assets, the development of a legal framework to regulate AI, and the overarching mission of ensuring the U.S. is the global leader in these technology areas.

[View source.]