CFTC's Request for Comment on the Use of Artificial Intelligence in CFTC Regulated Markets
[35628]
February 27, 2024
TO: ICI MembersBroker/Dealer Advisory Committee
Chief Compliance Officer Committee
Investment Adviser and Broker-Dealer Standards of Conduct Working Group
Investment Advisers Committee
Retail SMA Advisory Committee
SEC Rules Committee SUBJECTS: Advertising
Compensation/Remuneration
Compliance
Disclosure
Distribution
Fees and Expenses
Intermediary Oversight
Operations
Pension
Recordkeeping
Technology & Business Continuity
Technology & Business Continuity RE: CFTC's Request for Comment on the Use of Artificial Intelligence in CFTC Regulated Markets
On January 25, 2024, the CFTC's Divisions of Market Oversight, Clearing and Risk, Market Participants, and Data and the Office of Technology Innovation issued a request for comment ("RFC") to better inform them on the current and potential uses and risks of artificial intelligence ("AI") in the derivatives markets the CFTC regulates.[1] The RFC, which is summarized below, includes questions on the definition of AI and its applications, including its use in trading, risk management, compliance, cybersecurity, recordkeeping, data processing and analytics, and customer interactions. The RFC also seeks comment on the risks of AI, including those related to market manipulation and fraud, governance, explainability, data quality, concentration, bias, privacy and confidentiality, and customer protection.
Comments on the RFC are due on April 24, 2024. At this time, ICI does not expect to comment on the RFC. If you have comments, please contact Mitra Surrell at mitra.surrell@ici.org no later than March 14, 2024.
The CFTC explains that entities regulated by the CFTC and other market participants are increasingly exploring and using AI and related technologies, posing risks to market safety, customer protection, governance, data privacy, mitigation of bias, and cybersecurity, among other issues. The CFTC issued the RFC to enable staff to assess the benefits and risks associated with the use of AI in CFTC-regulated markets, inform staff's supervisory oversight, evaluate the need for any future guidance and rulemakings, and monitor the adoption of AI, machine learning, and other automation uses in CFTC-regulated markets. The request was prompted, in part, by the White House's Executive Order encouraging independent regulators, such as the CFTC, to "consider using their full range of authorities to protect American consumers from fraud, discrimination and threats to privacy and to address other risks that may arise from the use of AI… ."[2]
Staff is specifically asking about AI use in CFTC-regulated markets, rather than broader questions about AI. This request uses the term "AI" in a manner consistent with the Executive Order to broadly refer to "a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations or decisions influencing real or virtual environments."[3]
The RFC divides questions into two sections: AI use and AI risks. The CFTC seeks comment on the definition of AI and its applications, including: 1) AI's use in trading, risk management, compliance, cybersecurity, recordkeeping, data processing and analytics, and customer interactions; and 2) the risks of AI related to market manipulation and fraud, governance, explainability, data quality, concentration, bias, privacy and confidentiality and customer protection.
In the AI use section, the CFTC asks how to appropriately scope the definition of AI and if there are ways in which AI is currently being used by CFTC-regulated entities for activities within the scope of the CFTC's jurisdiction - activities such as trading, data processing and analytics, risk management, compliance, books and records, systems development, cybersecurity and resilience, and customer interactions.[4] This section also asks whether a respondent envisions that firms or individuals will likely implement AI to accomplish CFTC-regulated activities in the near future, whether firms currently segment AI use based on the location of the facility or customer, and whether barriers exist that impede the use of AI suitable for accomplishing CFTC-regulated activities.[5]
Also in the AI use section, the CFTC asks a series of detailed questions related to AI and third-party service providers. The RFC inquires to what extent third-party service providers are relied upon for the provision of AI services and to what extent AI supports CFTC-regulated activities, and which services tend to be performed by in-house staff rather than third-party service providers.[6] The RFC also asks whether AI technologies are being developed within CFTC-regulated entities as proprietary technology, whether firms acquire that technology through third parties, what specific third-party AI-based software market participants are adopting, and what challenges CFTC-regulated entities face when attempting to manage, update, or deconstruct the decisions or analysis made by third-party created software or technology.[7] The RFC next requests information on how firms track AI use, how AI use accountability is assigned, audited, and updated, and prospective use of AI.[8]
In the AI risk section, the staff requests information regarding CFTC-regulated entities' governance structure modifications to address AI, firms' considerations around cybersecurity risk associated with AI, how firms contend with lack of explainability associated with some AI models, and potential transparency concerns that may arise as a result of SROs adopting AI technologies as part of their market oversight responsibilities.[9] The RFC additionally asks how AI use impacts data set quality and processes and whether controls are in place to ensure that the data used by AI is of sufficient quality and based on a sufficiently sized data set.[10]
Further, the RFC requests information on risks for manipulation, fraud, or other illicit activity in CFTC-regulated markets.[11] Staff asks respondents to describe the policies and practices adopted to prevent the use of AI-driven strategies in market manipulation schemes and efforts to use AI-based market supervisory technologies to detect market manipulation or fraud.[12] The CFTC also raises questions about concentration in AI services, steps to prevent discrimination and bias in AI, and controls and governance structures to protect consumer interests.[13] The RFC lastly requests information on AI's impact on individuals' privacy rights, protections in place to ensure confidentiality of proprietary data, third party AI technology risks, and AI's risk to market function.[14]
Mitra Surrell
Associate General Counsel, Markets, SMAs, & CITs
Cooper D'Anton
Legal Intern
Notes
[1] Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets, Release Number 8853-24 available at https://www.cftc.gov/media/10156/AI_RFC_012524/download.
[2] Exec. Order No. 14110, 88 Fed. Reg. 75191, 75214 (Oct. 30, 2023) available at https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/.
[3] Id. at 79193.
[4] RFC at questions 1-2(a)-(h). <span></span>
[6] Id. at question 6.
[7] Id.
[8] Id. at questions 7-8.
[9] Id. at questions 9-11.
[10] Id. at question 12.
[11] Id. at question 13.
[12] Id.
[13] Id. at questions 14-16.
b
[14] Id. at questions 17-19.