CFTC Commissioners Weigh In on Cyber Risks and Tech Developments at TAC Meeting

CFTC Commissioners weighed in on recent cybersecurity and technology developments within the derivatives markets. The issues were considered at the CFTC Technology Advisory Committee ("TAC") Meeting.

TAC Sponsor and CFTC Commissioner Christy Goldsmith Romero commented on the following key areas:

• Artificial Intelligence. She highlighted responsible usage of AI within financial markets, quoting an explanation - provided by ChatGPT - that "responsible AI in financial markets involves balancing the potential benefits of AI technologies with the need for ethical and transparent decision-making, regulatory compliance, and social responsibility."
• Cyber Resilience. Ms. Goldsmith-Romero concurred with the White House’s definition of cyber resilience published in its National Cybersecurity Strategy that resilience is "where cyber incidents and errors have little widespread or lasting impact" which, she added, requires planning and preparedness on each organization’s part.
• Cloud Technology. Following a Treasury report finding that almost 90 percent of surveyed banks rely on cloud services technology, Ms. Goldsmith-Romero called for "harmonization" among federal regulators in moving to the goal of creating a "defensible, resilient digital ecosystem where it is costlier to attack systems than defend them."
• Decentralized Finance ("DeFi"). Ms. Goldsmith-Romero stated that as the DeFi ecosystem grows, it is important that regulators and Congress have a common understanding of how DeFi works, how decentralized exchanges differ from centralized exchanges, and identify agreed upon indicators of decentralization. She said that DeFi poses 'unique challenges" with regard to digital identity and cyber vulnerabilities.

CFTC Commissioner Kristin N. Johnson provided prepared remarks on recent developments, highlighting:

• Artificial Intelligence. Ms. Johnson mentioned that beneficial advances in artificial intelligence have the ability to address "endemic challenges" within the U.S. economy. She stated that while AI has the potential to further financial inclusion, she also warned of AI’s ethical implications due to limited data sets and hardwiring biases in real-world deployment.
• Cyber Resilience. Ms. Johnson warned that cyber incidents are not isolated events but often demand coordination among market participants as well as systemically important market participants. She questioned whether risk management regulations are "broad enough in scope" to address cyber-related risks posed by third party service providers.
• Cloud Technology. Ms. Johnson referenced cloud-service providers ("CSPs") as playing an "increasingly critical and systemic role" within the U.S. financial system. She said that while technologically sophisticated, CSPs operate in a relatively unregulated space and due to their size and market power, can present challenges for regulated entities to enforce CSP compliance with CFTC regulatory safeguards.
• Digital Ledger Technologies ("DLTs"). Ms. Johnson encouraged regulators to examine "significant" risks posed by DLTs and growing cybersecurity threats, while also lauding benefits of new technologies. She considered potential use cases for DLTs, such as (i) providing "critical" infrastructure for developing carbon markets, (ii) helping farmers in the agriculture market with data management and operations, including enabling end-to-end traceability for perishable produce, (iii) allowing consumers to manage their own data through "digital identity" systems which use DLT systems and store users’ personal and financial information in a digital wallet and (iv) supplementing traditional credit underwriting data with "newer modeling techniques" using a broader range of source data (a/k/a "alternative data") to banks and creditors when assessing a consumer’s financial history.