2/25/19 - Promontory Currents: CFTC Focuses on Swap Dealers’ Third-Party Vendor Relationships in 2019 Examination Priorities
Home > News & Insights > Insights & Publications

2/25/19 - Promontory Currents: CFTC Focuses on Swap Dealers’ Third-Party Vendor Relationships in 2019 Examination Priorities

By Doug Harris and Alison Shanahan

On Feb. 12, 2019, the divisions of the Commodity Futures Trading Commission announced their 2019 examination priorities1 for the infrastructure and intermediaries of the derivatives markets. The announcement marks the first time the divisions have published their examination priorities. While the priorities affect a broad range of registrant types, including swap execution facilities, derivatives clearing organizations, and futures commission merchants, this Currents discusses the CFTC’s focus on swap dealers’ third-party vendor relationships.

The CFTC’s announcement notes that its division of swap dealer and intermediary oversight performs oversight of swap dealers. However, upon the enactment of the Dodd-Frank Act, the CFTC largely delegated oversight of swap dealers to the National Futures Association, which will continue to be responsible for the registration and routine examination of swap dealers. To date, the NFA has examined swap dealers for compliance with the requirements contained in Section 4s of the Commodity Exchange Act (as amended by the Dodd-Frank Act), CFTC regulations, and NFA member rules (e.g., dispute reporting, cybersecurity). While assessing the security threats critical third-party service providers pose to swap dealers’ information systems is a component of the NFA’s cybersecurity guidance2, third-party risk management more broadly has not been a standalone examination topic for swap dealers.

The CFTC’s announcement means that a review of third-party vendor relationships will certainly be an element of the limited examinations the commission performs, and may even portend a horizontal review of such relationships across the swap dealer industry. As previously mentioned, the NFA already reviews swap dealers’ management of third-party vendors in connection with its review of swap dealers’ information-systems security programs. The CFTC and NFA are likely to continue to coordinate their examinations to ensure their reviews are not duplicative.

While third-party risk management may be a new examination focus for the CFTC, banking regulators such as the Office of the Comptroller of the Currency and Federal Reserve Board have long required and expected banking organizations to identify, manage, and mitigate the risks associated with third-party vendor relationships. Their expectations provide useful guidance as to how the CFTC might assess third-party vendor relationships and insight into how swap dealers can best manage third-party risk3. Accordingly, when reviewing a swap dealer’s relationships with its vendors and its procedures for managing vendor risk, the CFTC is likely to focus on the following:

  • The adequacy of the documentation of the vendor relationship
  • The potential for cybersecurity breaches
  • Restrictions on the disclosure or misuse of confidential information 
  • Indemnification and recourse mechanisms
  • The impact of the vendor’s performance on the swap dealer’s compliance with regulatory requirements

To prepare for an examination of existing third-party vendor relationships, swap dealers should determine whether they need to establish — or enhance an existing — vendor-management policy. Such a policy should cover the following:

  • Selection and approval processes for new vendor relationships, including due-diligence reviews
  • Required documentation (including provisions addressing the rights and responsibilities of the swap dealer and vendor)
  • The monitoring of vendor activities and performance
  • Processes for escalating issues
  • Responsibilities for overseeing and managing the relationship and risk management processes
  • Independent reviews that assess the adequacy of risk management processes
  • Contingency planning and exit strategies

Swap dealers should also inventory and review existing relationships with key vendors, giving special consideration to vendors that support the following critical processes:

  • Regulatory reporting and record-keeping
  • Swap confirmation and trade compression
  • Counterparty onboarding, including anti-money-laundering/know-your-customer processes and documentation for trading relationships
  • Margin exchange

Swap dealers should also consider the particular risks that certain third parties present. Certain vendors, such as those that provide trade-reporting services, support complex processes that are already the focus of CFTC and NFA scrutiny. In addition, risks may arise from the potential for error in the business processes of some vendors — for instance, those that support the negotiation and digitization of legal documentation. Many such vendors are beginning to offer complex technological solutions driven by artificial intelligence and machine learning. While these solutions present the opportunity for long-term efficiency and cost reduction, swap dealers should be mindful of their potential risks.


Doug Harris is a managing director in Promontory’s New York office, and Alison Shanahan is an associate in Promontory’s Washington office.  


  1. CFTC Divisions Announce Examination Priorities,” Commodity Futures Trading Commission (Feb. 12, 2019).
  2. Interpretive Notice: 9070 – NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs,” National Futures Association (Dec. 5, 2018).
  3. New Challenges in Managing Third-Party Relationships,” Promontory Financial Group (April 26, 2017).