The Risk Management Program for Futures Commission Merchants (17 CFR 1.11), also known as the Customer Protection Rule, requires clearing FCMs, among other obligations, to:
• Establish, maintain and enforce a system of risk management policies and procedures.
→ Policies and procedures should be designed to monitor and manage the risks associated with the activities of the futures commission merchant. This includes risks associated with market, credit, liquidity, foreign currency, legal, operational, settlement, segregation, technology and capital. Policies must also include risk-tolerance limits and exceptions.
• Maintain written risk management policies and procedures
→ The written policies and procedures must be furnished to the CFTC, the FCM’s self-regulatory organization and supervisory personnel of the FCM.
• Have the risk management program and written policies approved in writing by the FCM’s governing body and distributed to supervisory personnel.
→ Governing body means the proprietor, if the futures commission merchant is a sole proprietorship; a general partner, if the futures commission merchant is a partnership; the board of directors if the futures commission merchant is a corporation; the chief executive officer, the chief financial officer, the manager, the managing member, or those members vested with the management authority if the futures commission merchant is a limited liability company or limited liability partnership.
• Establish a risk management unit that provides quarterly reports to senior management.
→ The risk management unit must have sufficient authority; qualified personnel; and financial, operational, and other resources to carry out the risk management program. The risk management unit reports directly to senior management and must be independent from the business unit.