Hot Topics in National Futures Association Audits

As a result of the rescission of Rule 4.13(a)(4) for commodity pool operators (CPOs) advising funds offered to qualified eligible persons and the narrowing of the exclusion under Rule 4.5 available to registered investment companies, almost 600 new CPOs registered with the Commodity Futures Trading Commission (CFTC) and became members of the National Futures Association (NFA). The number of registered CPOs increased from 1,200 to 1,800. Currently-registered CPOs manage over 6,000 commodity pools. Before the advent of the new registrants, the first audit was generally expected within the first year of registration.

NFA Jurisdiction over Firms that Filed Notices of Exemption

In addition to the new registrations, the NFA received approximately 30,000 filings claiming exemptions from registration, including exemptions under Rule 4.13(a)(3), the de minimis exemption available to CPOs that manage funds trading commodity interests below a certain threshold. Exempt filers, if they are not registered for other purposes, are not NFA members; therefore, the NFA does not audit exempt filers to determine if the exemptions were appropriately filed or to evaluate the operations of the exempt filer. However, exempt filers are subject to the CFTC’s oversight which may inspect the correct calculation of de minimis trading. In addition, the NFA may assert jurisdiction over CPOs/ CTAs that are registered with respect to certain funds and that also operate funds for which they have claimed exemptions. When the NFA audits such registrants, it may also audit the operation of funds for which such registrants have claimed an exemption.

Frequency of NFA Audits

The NFA conducts periodic onsite visits to monitor compliance with CFTC/NFA rules and best practices. Historically, the first NFA audit of a new registrant would be conducted within the first year of registration. Subsequent audits would be scheduled after three or five years, depending on the risk profile of the firm in question with more frequent visits scheduled if the risk profile of the firm warranted an earlier audit. The frequency of NFA audits may be affected by the recent increase in new registrants.

Risk-Based Audit Selection of Firms

The NFA started developing its risk assessment program in 2006, but such a risk-based exam program has become imperative after the advent of the new registrants. The risk factors that may prompt an NFA examination are:

  • Customer complaints;
  • Business background of principals;
  • Funds under management, degree of leverage, or types of investments;
  • Concerns noted during a review of the firm’s promotional materials, disclosure documents, and/or financial filings;
  • Referrals received from other agencies;
  • Time since registration or last audit;


  • Previous audit findings.

The NFA has not announced exams similar to the Securities and Exchange Commission’s (SEC) “presence exams” (i.e., the SEC designed the presence exam program to deal with the large number of new SEC-registered investment advisers that came under the SEC’s jurisdiction after the rescission in the Dodd-Frank Act of the private fund exemption under the Investment Advisers Act of 1940).

The Audit Process

The audit is typically announced by phone call two weeks in advance. The NFA conducts a telephonic interview to determine the scope of the exam and provides an initial request for documents. The onsite portion of the exam lasts from a few days to a few weeks. The team of examiners typically consists of three to five examiners, for larger registrants. During the onsite portion of the exam, the NFA may request additional documents. Deficiencies are generally noted during the audit process, and the NFA attempts to find solutions and address them before the exit interview. The audit can result in a letter closing the audit, a letter noting deficiencies that could not be corrected during the onsite visit, or a referral to enforcement for more serious violations.

Common Deficiencies

When reviewing the common deficiencies below, SEC-registered investment advisers that are also registered CPOs and/or CTAs should also keep in mind the CFTC’s August 13, 2013 release on harmonizing obligations under the Commodity Exchange Act with the Investment Company Act of 1940, and in some cases, the Investment Advisers Act of 1940 applicable to CPOs of registered investment companies (available at groups/public/@lrfederalregister/ documents/file/2013-19894a.pdf).

1. Unlisted Principals and Unregistered Associated Persons: The NFA has noted during examinations of member firms some recurring registration deficiencies. These deficiencies appear unintentional for the most part and often relate to the proper listing of “principals” and registration of “associated persons” (APs), as well as the reporting of the termination of such persons.

Unlisted Principals. NFA Registration Rule 204(a)(2)(A) provides that each applicant for registration as a CPO and CTA must have at least one individual principal affiliated with it and listed in a firm’s registration form—CFTC/NFA Form 7-R. Each principal who is a natural person must also be listed on individual Form 8-R. The definition of “principal” found in NFA Registration Rule 101(t) is intricate and differs depending on the legal structure of a registrant (e.g., the principals of a CPO that is organized as a corporation or limited liability company are different than the principals of a CPO that is organized as a partnership) and on whether the person in question is an individual or an entity.

Unregistered APs. CFTC and NFA rules require all individuals employed by a CTA or CPO as APs to be registered as such with the CFTC. CFTC Rule 1.3 defines an AP as any individual who solicits clients or who supervises anyone engaged in such solicitation up the chain of command to the registrant’s chief executive officer. The CFTC and NFA interpret the term solicitation broadly to include virtually any interaction with clients other than mere provision of clerical services. Firms should ensure that they correctly identify and register their APs.

Reporting additions and terminations of Principal and APs. NFA Registration Rule 208 requires an NFA member to update its Form 7-R to reflect the addition of any new president, chief financial officer, or other “principal” of the member within 20 days after the applicable addition. NFA Registration Rule 214 provides that firms must notify the NFA within 20 days of terminating either an AP or a principal. Firms should ensure that they file timely notice that an AP or principal has been added or terminated.

2. Unregistered Branch Offices: A branch office is any location where a firm conducts business other than its principal business office regardless of whether any trading is conducted from that office. A branch office can be a location from which associated persons and principals of the firm work remotely (e.g., performing work from home). Any branch office must be identified as such on a firm’s Form 7-R and a branch manager must be appointed. The branch manager must have passed both the Series 3 and 30 examinations. A registrant is required to conduct an annual onsite audit of its branch offices. Firms must identify and register branch offices and operate them in accordance with the rules.

3. Failure to Update Registration Records: Registrants generally must ensure that the identification information, disciplinary history, contact details, and other information contained in their registration form— CFTC/NFA Form 7-R—remains current. Specifically, CFTC Rule 3.31 and NFA Registration Rule 210 require that all registrants “promptly” correct any deficiency or inaccuracy in the information contained in their Form 7-R and in each CFTC/ NFA Form 8-R used to report its principals and APs. Consequently, firms should ensure that each of its principals and APs are familiar with this obligation and should adopt policies and procedures to keep this information updated.

4. Bylaw 1101—Prohibition Against Dealing with Non-NFA Members: Under NFA Bylaw 1101, which is referred to as the “cornerstone” of NFA’s regulation, an NFA registrant may not do business with any person that is required to be registered as a futures commission merchant, introducing broker, CPO, or CTA but is not registered unless such person is exempt from CFTC registration and NFA membership. This provision imposes strict liability; however, the NFA interpretations of Bylaw 1101 state that a violation of Bylaw 1101 requires evidence indicating that the member knew or should have known it was doing business with a non-member that was required to be registered. The NFA will determine whether a member “should have known” of a violation in large part based on the adequacy of a member’s procedures used to ensure that its clients or other required parties are either not subject to registration with the CFTC or are registered with the CFTC and members of the NFA in such capacity. Firms should ensure that they have adequate policies and procedures in place to conduct the due diligence required by Bylaw 1101.

5. Disclosure Documents: With certain exceptions (such as under CFTC Rule 4.7 or CFTC Rule 4.13), CFTC and NFA rules provide that a registered CPO and CTA must furnish its clients and prospective clients with a disclosure document that has been reviewed and accepted by the NFA before it solicits a client account. Disclosure documents must be filed with and accepted by the NFA every twelve months (formerly nine months) or they can no longer be used. They must disclose a number of prescribed items that are not necessarily contained in a typical private placement memorandum. Registrants operating under the 4.7 “regulation lite” regime are exempt from delivering a disclosure document; however, many of these firms do so anyway to avoid anti-fraud claims. Firms should ensure their disclosure documents are consistent with their operations (e.g., fee structure, redemptions or trading strategy) and should update them to reflect changes.

6. Performance Reporting: The CFTC and NFA have enacted rules that stipulate how performance should be reported. Most importantly, NFA Rule 2-29 requires that any performance used by a registrant in communications with investors or potential investors be calculated consistent with the CFTC’s Rule 4.25 and Rule 4.35, both of which contain a number of formulas. Performance reporting should contain specific data and be presented in a specific manner with certain items being itemized. Special rules apply for the calculation of performance in partially-funded accounts. If a firm operates pursuant to Rule 4.7, performance does not have to include the specific data required by the CFTC rules or presented in that format. However, that performance must comply with the anti-fraud provisions of CFTC rules. Most importantly, this requires that performance must be calculated net of all fees and expenses and must be representative of performance in all comparable accounts. A registrant’s performance calculation must be consistent with the CFTC rules, and the registrant must maintain supporting spreadsheets to prove such calculation. Entities that are dually-registered SEC advisers must comply with SEC rules and regulations.

7. Bunched Orders Allocated in a Preferential Manner: Under CFTC Rule 1.35 and NFA Compliance Rule 2-10, bunched orders are permitted for customer accounts and should be allocated as of the end of the trading day pursuant to exchange rules. To the extent that client orders are bunched, a registrant should ensure that the allocation method is fair, verifiable and consistently applied. A registrant is required to conduct a quarterly review of accounts to ensure that bunched orders are allocated in a non-preferential manner and to keep records sufficient to demonstrate its compliance with the rule.

8. Incomplete Financial Reporting: CPOs must file an annual financial report with the NFA and distribute such report to their investors. They must also send account statements to their pool participants monthly (or quarterly for 4.7 pools). CFTC Rule 4.22 contains a checklist of what should be included in these reports, including a manually signed oath or affirmation as to their accuracy and completeness. Firms should include the information required under the oath or affirmation. Additionally, registrants that provide account statements and reports to investors electronically should obtain their written consent to electronic delivery as required by the CFTC. Further, CFTC rules require a registrant to report the income and value of the pool in its entirety and not just that of the individual account. When firms report the individual participant’s change in net asset value and statement of income, firms must also include the information for the pool as a whole.

9. Inadequate Business Continuity and Disaster Recovery Plans: Pursuant to NFA Compliance Rule 2-38, the NFA requires that a firm maintain a business continuity and disaster recovery plan that must include, among other items, a plan for addressing the death or incapacitation of key personnel (such as a head trader) as well as technological disasters.

10. Inadequate Books and Records: CFTC Rule 4.23 generally requires a registered CPO to make and keep numerous categories of books and records for a period of five years. Rule 4.7 registrants are subject to fewer book-keeping requirements but must still maintain a number of books and records related to their operations including records that all their investors are QEPs.

Survival Tips: How to Prepare for and Survive an NFA Audit

The deficiencies listed above are the most commonly found in NFA audits. There are of course many other recurring deficiencies such as a failure to conduct ethics training required by CFTC rules and lack of adequate supervision. The best way to prepare for an NFA audit is to carefully complete the NFA self-audit questionnaire that NFA members have an obligation to complete annually. If correctly and thoroughly completed, the NFA self assessment questionnaire is a great aid in identifying and addressing deficiencies. Another useful tool is a “mock audit” that a firm can conduct by going through an NFA request list. As mentioned in this article, dually registered SEC-investment advisers should also keep in mind compliance with SEC rules governing advisers as they address CFTC and NFA rules and develop and operate their compliance program accordingly.

Reproduced with permission.  This article appeared in the October 2013 IAA Newsletter.


Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on CCO topics.
tip: check both to keep informed!


FINRA’S Box of Chocolates

While we know you prefer a box of chocolates today instead of this industry update on compliance, this one is a gift and hence, will not add to your ever-growing... read more »

A Motivated Agency: The SEC Closing the Loop on the Edgar System Cyber Breach

You may recall after Clayton took the helm as Chairman at the SEC, the agency disclosed that it had its own cyber breach and the Edgar system was compromised. Today,... read more »

Examiners Take Reprieve with Gov’t Shut Down, But CCOs Must Carry On

These government shut downs don’t usually go on indefinitely. Before we blink an eye, examiners will be back on the beat. CCOs must stay vigilant. On December 20th the SEC’s Office... read more »

Pre-Dating & Back-Dating are Equally Risky

The SEC today suspended three accountants formerly of BDO USA LLP for improper professional conduct during its 2013 audit of AmTrust Financial Services Inc., an exchange-listed insurance company. According to the... read more »

Fiduciary Duty

On Friday, September 28, 2018 the SEC charged LendingClub Asset Management (LCA) and its former president Renaud Laplanche with fraud for improperly using fund money to benefit LendingClub Corporation (LendingClub),... read more »

Exciting Summer Project -- Dig Into Some Sand or Dig Into Your Firm's Best Ex Pr…

The Office of Compliance Inspections and Examinations (OCIE) issued a risk alert July 11 targeting investment advisers’ most common deficiencies with regard to their best execution obligations under the Investment... read more »


Chief Compliance Officer Roundtable: Breakfast Briefing - November 8, 2018

When: November 8, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Dorsey PF 2018 Symposium

When: September 26, 2018 (8:30 am - 6 pm Where: Dorsey & Whitney LLP | 51 W. 52nd Street | New York, NY 10019 Directions > SEC3’s President, Janaya Moscony will join...

Chief Compliance Officer Roundtable: Breakfast Briefing - June 14, 2018

When: June 14, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Webinar: 2018 SEC Exam Priorities & Recent Exam Highlights

Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. Tobin S. Cochran, Managing Member/President of Focus 1 Associates, LLC and...

Chief Compliance Officer Roundtable: Breakfast Briefing - February 7, 2018

When: February 7, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Upcoming Events - September & October 2017

Upcoming Events Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. SEC3 is teaming up with industry experts in NYC to discuss...

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...