Risk management and disaster recovery and business continuity policies and procedures have received heightened attention in the regulatory arena for some time.  A firm’s ability to understand and detect its exposures, whether from customer or proprietary trading, has been a critical focus of the Exchange.  Likewise, after the events of January 1, 2000 and September 11, 2001, a firm’s ability to understand its operational risks and to resume operations has become even more significant.

As such, the Board of Directors approved new rules for risk management and disaster recovery requirements for clearing members.  These rules established minimum standards which clearing members must meet based upon their customer base, trading operations, capital levels and product mix.

The new rules reflect the value and importance the Exchange places on risk management and disaster recovery.  Rule 903 – Risk Management and Rule 904 Disaster Recovery and Business Continuity are effective immediately.

The new rules are attached.  If you have any questions, please call the Audit Department at (312) 930-3230 or e-mail us at audits@cme.com.

Rule 903    RISK MANAGEMENT

All clearing members must have written risk management policies and procedures in place to ensure they are able to perform certain basic risk and operational functions at all times.   At a minimum, the following areas must be considered in the firm’s policies and procedures, depending on the firm’s size and its business and product mix:

A.  Trade Submission and Account Monitoring. Clearing members must have procedures in place to demonstrate compliance in the following areas for trades executed through both electronic platforms and open outcry:

1. Monitoring the credit risks of accepting trades of specific customers.
2. Monitoring the risks associated with proprietary trading.
3. Limiting the impact of significant market moves through the use of tools such as stress testing or position limits.
4. Maintaining the ability to monitor account activity on an intraday basis.
5. Ensuring order entry systems include the ability to set automated credit controls or position limits or requires a firm employee to enter orders.
6. Defining sources of liquidity for increased settlement obligations.

B.   Additional and/or Alternative Requirements.  Exchange staff may prescribe additional and/or alternative requirements in order for clearing members to comply with this Rule.

Rule 904    DISASTER RECOVERY AND BUSINESS CONTINUITY

All clearing members must have written disaster recovery and business continuity policies and procedures in place to ensure they are able to perform certain basic operational functions in the event of a significant internal or external interruption to their operations.   At a minimum, the following areas must be considered in the firm’s policies and procedures, depending on the firm’s size and its business and product mix:

A.   Clearing members must have procedures in place to allow them to continue to operate during periods of stress or to transfer accounts to another fully operational clearing member with minimal disruption to either the Exchange or their customers. In order to satisfy this requirement, clearing members must perform:

1.      Periodic testing of disaster recovery and business continuity plans.

2.      Duplication of critical systems at back up sites.

3.      Periodic back-up of critical information.

B.  Key Staff Contacts. Clearing members must maintain and, at the request of the Exchange, provide accurate and complete information for their key personnel. Clearing members must inform the Exchange whenever a change to its key personnel is made.

C.  Additional and/or Alternative Requirements.  Exchange staff may prescribe additional and/or alternative requirements in order for clearing members to comply with this Rule.