AGENCY:
Commodity Futures Trading Commission.
ACTION:
Final rule.
SUMMARY:
The Commodity Futures Trading Commission (“CFTC” or “Commission”) is making a correction to one of the Commission's regulations to restore text that was inadvertently deleted in a 2011 amendment to that regulation.
DATES:
Effective June 17, 2020.
FOR FURTHER INFORMATION CONTACT:
Joshua Sterling, Director, (202) 418-6056, jsterling@cftc.gov; Frank Fisanich, Chief Counsel, (202) 418-5949, ffisanich@cftc.gov; or Jacob Chachkin, Special Counsel, (202) 418-5496, jchachkin@cftc.gov, Division of Swap Dealer and Intermediary Oversight, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.
SUPPLEMENTARY INFORMATION:
I. Background
Section 501 of Title V of the Gramm-Leach-Bliley Act (“Title V”) mandates that certain agencies covered by Title V establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards—(1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.[1] The Commission and entities subject to its jurisdiction were originally excluded from Title V's coverage.[2] However, section 124 of the Commodity Futures Modernization Act of 2000 [3] amended the Commodity Exchange Act (“CEA”) to add section 5g,[4] providing that futures commission merchants (“FCMs”), commodity trading advisors (“CTAs”), commodity pool operators (“CPOs”), and introducing brokers (“IBs”) [5] fall under the requirements of Title V and requiring the Commission to prescribe regulations in furtherance of Title V. Thus, in 2001, the Commission promulgated part 160 of its regulations to establish standards relating to Title V, and, specifically, § 160.30 in relation to section 501's mandate.[6]
Commission regulation 160.30 implements this mandate by requiring every FCM, RFED, CTA, CPO, IB, MSP, or SD that is subject to the jurisdiction of the Commission (“Covered Persons”) [7] to adopt policies and procedures to address administrative, technical and physical safeguards for the protection of customer records and information (the “General Requirement”).[8] In addition, mirroring section 501 of the GLB Act, the 2001 Rulemaking further required (the “Detailed Requirements”) that the policies and procedures be reasonably designed to: (i) Insure the security and confidentiality of customer records and information; (ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.[9] However, when the 2011 Amendment revised § 160.30 to add SDs and MSPs to the list of entities in § 160.30's introductory sentence (and, thus, subject to it), the Detailed Requirements were inadvertently deleted.[10]
II. Proposal
On November 12, 2019, the Commission published a Notice of Proposed Rulemaking [11] to amend § 160.30 of the Commission's regulations (the “Proposal”). Specifically, the Commission proposed to restore the inadvertently deleted Detailed Requirements in § 160.30. As discussed above and in the Proposal, the Detailed Requirements mirror the requirements of section 501 of the GLB Act, pursuant to which part 160 of the Commission's regulations was adopted.
The Commission requested comments on the Proposal. The comment period for the Proposal ended on December 12, 2019.
III. Summary of Comments and Final Rule
The Commission received two relevant comments on the Proposal,[12] both of which were from individuals and supportive of the Proposal. The Commission did not receive any comments on the Proposal from Covered Persons.
The Commission is adopting this Final Rule (“Final Rule”) as proposed. Accordingly, the Commission is adopting the amendments to Commission regulation 160.30 as shown in the rule text in this document and for the reasons discussed in the Proposal and reiterated above.
IV. Related Matters
A. Regulatory Flexibility Act
The Regulatory Flexibility Act [13] (“RFA”) requires federal agencies to consider whether the rules they propose will have a significant economic impact on a substantial number of small entities and, if so, to provide a regulatory flexibility analysis regarding the economic impact on those entities. In the Proposal, the Commission certified that the Proposal would not have a significant economic impact on a substantial number of small entities. The Commission requested comments with respect to the RFA and received no such comments.
As discussed in the Proposal, this Final Rule will restore the inadvertently deleted Detailed Requirements in § 160.30. To the extent that the Final Rule will impact Covered Persons that may be small entities for purposes of the RFA,[14] the Commission considered whether the Final Rule will have a significant economic impact on such Covered Persons.
In restoring the inadvertently deleted Detailed Requirements the Final Rule will simply set forth, consistent with the § 160.30 Guidance and the GLB Act, what is necessary to satisfy the General Requirement that already applies to Covered Persons. Therefore, the Commission believes that the Final Rule will not have a significant economic impact on a substantial number of small entities, as defined in the RFA.
Accordingly, the Chairman, on behalf of the Commission, hereby certifies pursuant to 5 U.S.C. 605(b) that the Final Rule will not have a significant economic impact on a substantial number of small entities.
B. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (“PRA”) [15] imposes certain requirements on Federal agencies, including the Commission, in connection with their conducting or sponsoring any collection of information, as defined by the PRA. The Commission may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (“OMB”) control number.
The Commission has previously received a control number from OMB that includes the collection of information associated with the General Requirement. The title for this collection of information is “Privacy of Consumer Financial Information, OMB control number 3038-0055”.[16] Collection 3038-0055 is currently in force with its control number having been provided by OMB. Because in restoring the inadvertently deleted Detailed Requirements, the Final Rule simply sets forth, consistent with the § 160.30 Guidance and the GLB Act, what is necessary to satisfy the General Requirement that already applies to Covered Persons, the Commission believes that the Final Rule does not impose any new recordkeeping or information collection requirements, or other collections of information that require approval of OMB under the PRA.
In the Proposal, the Commission invited the public and other Federal agencies to comment on any aspect of the information collection requirements discussed therein. The Commission did not receive any such comments.
C. Cost-Benefit Considerations
Section 15(a) of the CEA requires the Commission to consider the costs and benefits of its actions before promulgating a regulation under the CEA. Section 15(a) further specifies that the costs and benefits shall be evaluated in light of the following five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness, and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The Commission considers the costs and benefits resulting from its discretionary determinations with respect to the section 15(a) considerations.
As discussed above, in the Final Rule, the Commission is restoring the inadvertently deleted Detailed Requirements in § 160.30. Below, the Commission discusses the costs and benefits of the Final Rule.[17] The baseline against which the costs and benefits are considered is the current status quo for Covered Persons with respect to their obligation to satisfy the General Requirement under § 160.30.[18] The Commission recognizes that there are inherent costs and benefits to Covered Persons in providing requirements for specific customer privacy policies and procedures, which Congress took into account in codifying the GLB Act.
The inadvertent deletion of the Detailed Requirements in § 160.30 affected entities that were required to comply with the Detailed Requirements prior to the 2011 Amendment as well as the two types of entities (SDs and MSPs) the rule was being revised to include. Due to the inadvertent nature of the deletion of the Detailed Requirements, and that they applied prior to the 2011 Amendment, the Commission expects the number of entities affected by the Final Rule to be negligible, if any. Consequently, the Commission believes that the restoration of the Detailed Requirements in § 160.30, consistent with the § 160.30 Guidance and the GLB Act, does not alter existing benefits and costs. The Commission, however, recognizes that this Final Rule may benefit certain Covered Persons by, consistent with the GLB Act, specifying what types of policies and procedures are necessary to satisfy the General Requirement. In doing so, this Final Rule may reduce any potential confusion and allow Covered Persons to design and maintain their policies and procedures to focus on the specified areas mandated by the GLB Act. In this regard, this Final Rule may allow Covered Persons to more efficiently utilize their resources in developing policies and procedures in compliance with § 160.30. This Final Rule also will, consistent with the GLB Act,[19] result in § 160.30 being more similar to regulations adopted by the SEC and FTC pursuant to the GLB Act and to which certain Covered Persons may be subject.[20]
The Commission recognizes that, as a result of this Final Rule, certain Covered Persons may become subject to more specific requirements under § 160.30 than they are currently. However, given that the General Requirement currently applies to Covered Persons, and the § 160.30 Guidance that remains in effect takes into account the substance of the Detailed Requirements, the Commission believes that the burden of this Final Rule on Covered Persons will not be significant.
1. Section 15(a) Considerations
In light of the foregoing, the CFTC has evaluated the costs and benefits of this Final Rule pursuant to the five considerations identified in section 15(a) of the CEA as follows:
(1) Protection of Market Participants and the Public
This Final Rule's restoration of the Detailed Requirements may protect market participants and the public by ensuring that the policies and procedures required under § 160.30 are reasonably designed to address the specific areas mandated by Congress in the GLB Act.
(2) Efficiency, Competitiveness, and Financial Integrity of Markets
This Final Rule may reduce confusion and allow Covered Persons to design and maintain their policies and procedures to focus on the specified areas mandated by the GLB Act. This may allow Covered Persons to more efficiently utilize their resources in developing policies and procedures in compliance with § 160.30. In addition, consistent with the GLB Act, this Final Rule will further align the consumer privacy regulations of the Commission, FTC, and SEC, which may lower costs for certain Covered Persons.
(3) Price Discovery
The Commission has not identified an impact on price discovery as a result of this Final Rule.
(4) Sound Risk Management
The Commission has not identified an impact on sound risk management as a result of this Final Rule.
(5) Other Public Interest Considerations
Consistent with the GLB Act, this Final Rule will further align the consumer privacy regulations of the Commission, FTC, and SEC.
2. Comments on Cost-Benefit Considerations
The Commission invited public comment on its cost-benefit considerations in the Proposal, including the Section 15(a) factors described above. The Commission received no such comments.
D. Antitrust Considerations
Section 15(b) of the CEA [21] requires the Commission to take into consideration the public interest to be protected by the antitrust laws and endeavor to take the least anticompetitive means of achieving the objectives of the CEA, as well as the policies and purposes of the CEA, in issuing any order or adopting any Commission rule or regulation (including any exemption under section 4(c) or 4c(b)), or in requiring or approving any bylaw, rule, or regulation of a contract market or registered futures association established pursuant to section 17 of the CEA.
The Commission believes that the public interest to be protected by the antitrust laws is generally to protect competition. The Commission requested and did not receive any comments on whether the Proposal implicated any other specific public interest to be protected by the antitrust laws.
The Commission has considered this Final Rule to determine whether it is anticompetitive and has identified no anticompetitive effects. The Commission requested and did not receive any comments on whether the Proposal was anticompetitive and, if it is, what the anticompetitive effects are.
Because the Commission has determined that this Final Rule is not anticompetitive and has no anticompetitive effects and received no comments on its determination, the Commission has not identified any less anticompetitive means of achieving the purposes of the CEA.
List of Subjects in 17 CFR Part 160
- Brokers
- Consumer protection
- Privacy
- Reporting and recordkeeping requirements
For the reasons stated in the preamble, the Commodity Futures Trading Commission amends 17 CFR part 160 as follows:
PART 160—PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT
1. The authority citation for part 160 continues to read as follows:
2. Revise § 160.30 to read as follows:
Every futures commission merchant, retail foreign exchange dealer, commodity trading advisor, commodity pool operator, introducing broker, major swap participant, and swap dealer subject to the jurisdiction of the Commission must adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:
(a) Insure the security and confidentiality of customer records and information;
(b) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
(c) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
Issued in Washington, DC, on April 17, 2020, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.
Note:
The following appendix will not appear in the Code of Federal Regulations.
Appendix to Privacy of Consumer Financial Information—Commission Voting Summary
On this matter, Chairman Tarbert and Commissioners Quintenz, Behnam, Stump, and Berkovitz voted in the affirmative. No Commissioner voted in the negative.
Footnotes
1. Section 501, Subtitle A, Title V, Public Law 106-102, 113 Stat. 1338 (1999), as codified at 15 U.S.C. 6801.
Back to Citation2. 15 U.S.C. 6809(3)(B).
Back to Citation3. Section 124, Appendix E of Public Law 106-554, 114 Stat. 2763 (2000).
Back to Citation4. 7 U.S.C. 7b-2.
Back to Citation5. For the definitions of these intermediary categories, see section 1a of the CEA and § 1.3 of the Commission's regulations. 7 U.S.C. 1a and 17 CFR 1.3. Commission regulations referred to herein are found at 17 CFR chapter I.
Back to Citation6. Privacy of Customer Information, 66 FR 21235 (April 27, 2001) (“2001 Rulemaking”). The Commission later modified its part 160 regulations to apply them to retail foreign exchange dealers (“RFEDs”), swap dealers (“SDs”), and major swap participants (“MSPs”). Regulation of Off-Exchange Retail Foreign Exchange Transactions and Intermediaries, 75 FR 55409 (Sept. 10, 2010) for RFEDs, and Privacy of Consumer Financial Information; Conforming Amendments Under Dodd-Frank Act, 76 FR 43874 (July 22, 2011) for SDs and MSPs (“2011 Amendment”). For the definition of RFED, see § 5.1(h). 17 CFR 5.1(h). For the definitions of SD and MSP, see section 1a of the CEA and § 1.3 of the Commission's regulations. 7 U.S.C. 1a and 17 CFR 1.3.
Back to Citation7. 17 CFR 160.30. Part 160 does not apply to foreign (non-resident) FCMs, RFEDs, CTAs, CPOs, IBs, MSPs, and SDs that are not registered with the Commission. 17 CFR 160.1. Therefore, they are not “Covered Persons” as defined in this release.
Back to Citation8. 17 CFR 160.30.
Back to Citation9. See 2001 Rulemaking at 21250.
Back to Citation10. See 2011 Amendment at 43879. With respect to § 160.30, the preamble to the 2011 Amendment only discusses amending the introductory sentence of § 160.30 to add SDs and MSPs to the list of CFTC registrants that must comply with that regulation. See id. at 43876. Further, the Commission notes that the Detailed Requirements continued to be included in Commission staff guidance on compliance with § 160.30 after the 2011 Amendment. See CFTC Staff Advisory No. 14-21 (Feb. 26, 2014) (“§ 160.30 Guidance”). In addition, the Commission notes that restoring the Detailed Requirements will make § 160.30 more consistent with similar rules adopted by the Securities and Exchange Commission (“SEC”) and the Federal Trade Commission (“FTC”) under the GLB Act. See 17 CFR 248.30 and 16 CFR 314.3, respectively.
Back to Citation11. Privacy of Consumer Financial Information, 84 FR 60963 (Nov. 12, 2019).
Back to Citation12. The Commission also received one comment that was not relevant to the Proposal. All of the comments are available at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=3047.
Back to Citation13. 5 U.S.C. 601 et seq.
Back to Citation14. The Commission has previously determined that certain entities are not “small entities” for purposes of the RFA. See, e.g., 47 FR 18618, 18619 (Apr. 30, 1982) (registered FCMs); 75 FR 55410, 55416 (Sept. 10, 2010) (RFEDs); 77 FR 2613, 2620 (Jan. 19, 2012) (SDs and MSPs). However, the Commission has determined that CPOs exempt pursuant to 17 CFR 4.13(a) are small entities. See 46 FR 26004 (May 8, 1981); 47 FR at 18619. The definitions of IB and CTA are also broad enough to potentially encompass “small entities.” See 48 FR 35248, 35276 (Aug. 3, 1983) (recognizing that the IB definition “undoubtedly encompasses many business enterprises of variable size”); 47 FR at 18620 (the category of CTAs is “too broad” for a general determination regarding their small entity status).
Back to Citation15. 44 U.S.C. 3501 et seq.
Back to Citation16. See OMB Control No. 3038-0055, http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0055# (last visited Jan. 6, 2020).
Back to Citation17. The Commission endeavors to assess the expected costs and benefits of its proposed rules in quantitative terms where possible. Where estimation or quantification is not feasible, the Commission provides its discussion in qualitative terms. Given a general lack of relevant data, the Commission's assessment is generally provided in qualitative terms.
Back to Citation18. The Commission notes that the consideration of costs and benefits below is based on the understanding that the markets function internationally, with many transactions involving United States firms taking place across international boundaries; with some Commission registrants being organized outside of the United States; with some leading industry members typically conducting operations both within and outside the United States; and with industry members commonly following substantially similar business practices wherever located. Where the Commission does not specifically refer to matters of location, the discussion of costs and benefits below refers to the effects of this Final Rule on all activity subject to the amended regulations, whether by virtue of the activity's physical location in the United States or by virtue of the activity's connection with activities in, or effect on, United States commerce under CEA section 2(i), 7 U.S.C. 2(i). In particular, the Commission notes that some Covered Persons are located outside of the United States.
Back to Citation19. See 15 U.S.C. 6804(a)(2).
Back to Citation20. See n.10, supra.
Back to Citation21. 7 U.S.C. 19(b).
Back to Citation[FR Doc. 2020-08552 Filed 5-15-20; 8:45 am]
BILLING CODE 6351-01-P