User Help System
Secure File Transfer Management
CME offers Secure File Transfer Protocol (SFTP), a file transfer protocol service that uses the SSH protocol and public / private key authentication to securely transfer data to / from CME Group and customers. With this technology offering, data within directories is also secured.
Firm designated Back-Office Admin Managers (AM) are assigned the responsibility for managing SFTP IDs and granting permission to additional individuals to create and manage SFTP IDs; by submitting a registration form or using self-service application functions.
Request Access
- Futures & Options: To receive a secure SFTP ID and Password or install a public key, contact CME Clearing Services:
- onboarding@cmegroup.com
- 1 312 338 7112
- BrokerTec: See SFTP Process (below). To designate / update AM assignment or resolve access issues, contact Enterprise Application & System Entitlements (EASE).

- Entity registers for SFTP and designates the AM.
- Request Post Trade Reporting access by completing and submitting the SFTP Production Registration form.
- Request Billing Group report access by completing and submitting the BrokerTec Billing Group SFTP Production Registration Form.
- CME Group creates a SFTP account for the entity, then notifies the AM.
Prior to permissions assignment, users must have a valid CME Group Login; and an activation token.
- The AM accesses SFTP Management to authorize individuals at their firm to create and manage SFTP IDs.
- An authorized user can access SFTP Management and creates SFTP IDs.
- An authorized user can add a SSH Key to encrypt the SFTP ID login.
- Specify the public key that CME Group will use to send encrypted files to your directories.
- Obtain the public key to send encrypted files to CME Group.

To request EBS report access:
- CME Group Login: Users must create or use an existing CME Group Login to register for EBS reporting services and application access to EREP / SFTP / Request Center.
For application access requests, users provide their existing CME Group Login ID and secure token to their entity administrator.
Note: CME Group or entity administrators will never ask for your password.
- Contact Global Account Management (GAM): CME Group offers a suite of tools to help customers manage registration and on-boarding to applications and services. To get started with self-service solutions and obtain the CME Customer Center Self-Service form, contact GAM.
- For an overview of EBS services, including onboarding, reporting services and registration forms, refer to the EBS Operational Readiness Guide and Applications and Services.
- Submit Self-Service Form: Submit the completed CME Customer Center Self-Service form to GAM.
The self-service form is completed by the Entity Officer who identifies back office admin manager(s) that are responsible for system administration, user entitlements and application restrictions. The back office admin manager is responsible for administration of applications or assignment of privileges to additional user(s) and approving self (Request Center) service requests submitted by entity users.
- Submit EBS EREP and SFTP Report and Billing Registration Form(s):
- EBS Standard Report EREP Registration form: Request access to a standard set of reports, including: EBS EFIX, EBS Operations and EBS Spot & Metals.
- EBS Credit Report EREP Registration form
- EBS Regulatory Report EREP Registration form
- EBS Session Report EREP Registration form
- EBS Billing Report EREP Registration form
- EBS SFTP Production Registration form - Institution Report
- EBS Institutional Report EREP Registration Form: Request access to institutional reports for spot and metals, billing and credit
- EBS SFTP Post Trade Registration form - Production
For additional setup details, including reports associated with each form, refer to EBS Reporting.
Functions
- Access SFTP Management
- Manage User Permissions
- Create SFTP ID
- Claim SFTP ID
- Transfer SFTP ID to another user
- Access SFTP Report Data
- SFTP IP Addresses
SFTP Management
The SFTP Management function is used to assign and edit user permissions to create and manage SFTP IDs.
Responsibility for the function is initially assigned to a firm designated AM, who grants permission for additional individuals to create and manage SFTP IDs.
- Select the User icon > My Profile.
- From the My Account menu, select SFTP Management.
Note: The availability of this page is determined by assigned user entitlements.
- View Details
- Remove Account Access
- Remove All Access
- Permission New User
Manage User Permissions
Firm designated back office admin managers can assign permissions to additional firm users.
Prior to adding a new user, request their CME Group Login ID and token, which is used to identify the user.

Before users can manage SFTP functions, a Back Office Admin Manager must assign permissions to create and manage SFTP IDs.
- To assign user permission:
- Navigate to the SFTP Management function.
- From the SFTP Management page, select Permission New User.
- From the Permissions User for SFTP ID Creation screen, specify user information.
- User: Users must have a valid CME Group Login and token
To obtain a temporary token, users must access CME Group Login > My Profile to generate a token, then provide to the AM.
- Account Type: Clearing, Regulatory, Trade Repository, Billing Group, etc
- Entity: Assigns SFTP management permission to the specified entity and account combination.
- To finalize permission assignment, select Submit, then confirm the password dialog (to validate your entitlement to assign this permission).
My SFTP IDs
Appears for users authorized by the firm's back office admin manager to create, claim and manage SFTP IDs.

The following procedures illustrate the process to create a SFTP ID for a given entity, account type and account:
- To Create a SFTP ID:
- From the My SFTP IDs screen, select Create SFTP ID.
- On the screen that appears, specify SFTP ID Details.
- Account Details
- Account Type: Select Clearing, Regulatory, Trade Repository, Billing Group, Owner Group, etc
- Entity
- Account Name: Up to 50 alphanumeric (A to Z, and 0 to 9) characters and unique at the entity
- Select a secure authentication / encryption option, using SSH and / or PGP.
- Authentication Details: SSH Key - This optional setting is used for secure authentication.
Enter a valid SSH Public Key (RFC4716 compatible format).
Note: When selecting Yes, a link to an external website appears (Internet Engineering Task Force) with additional information on the SSH protocol.
- Encryption Details: PGP Public Key - Copy and paste a valid PGP public key, you previously generated for CME Group to encrypt reports and data prior to sending to your directories.
Note: A SFTP ID can be created without a PGP public key, but cannot be activated until PGP Encryption Details are setup.
- After setting up encryption, select Submit, then complete multi-factor authentication to verify your identity and secure authentication details.
- Select Generate Password to create a system generated password that complies with CME Group password security requirements (24 character alphanumeric).
- Select Copy (
) to store the system generated password in a secure location / file.
- After creating the SFTP ID, select Close.
The SFTP Management page updates to include the newly added ID.

The following instructions illustrate the process to add Secure Shell Key (SSH) encryption for a SFTP ID authentication. SSH encryption provides enhanced security for files transfers that currently use default User ID and Password authentication.
- To Add a SSH Key:
- Select the User icon > My Profile.
- From the My Account menu, select SFTP Management.
- Select the SSH icon (
) for the SFTP ID to manage.
- On the dialog that appears enter a valid (RFC4716 format) SSH Public Key, then select Submit.
A security code is sent to the mobile phone number registered to the Profile.
- Enter the code, then select Submit.

Use the Claim SFTP ID function when the user that manages a SFTP ID is no longer with a firm but data is sent / received via the ID.
Prior to claiming a SFTP ID, ensure the claiming user is associated with same entity as the ID as the AM or authorized user.
Note: To assign permissions to claim a SFTP ID, view Manage User Permissions.
- To Claim a SFTP ID:
- From the My SFTP IDs screen, select Claim SFTP ID.
- On the screen that appears enter the SFTP ID to claim and associated Password, then select Submit.
A confirmation dialog appears, indicating success or failure.

Registered (Back Office) Admin Managers can transfer SFTP IDs from other users at their firm to recipients at the same firm.
Unlike the claiming process, transferring does not require the current password.
Recipients must be authorized to create and manage SFTP IDs.
Note: Transferring an SFTP ID deactivates it and deletes the PGP (encryption) and SSH (connection) Public keys.
Prior to transferring ensure that there will be no disruption to current sessions and set up new authentication keys (if necessary).
- To transfer SFTP ID Ownership to another user:
- From the CME Customer Center menu, select the User icon > My Profile.
- From the My Account menu, select SFTP Management.
- From the Authorized SFTP Users pane > Actions column, select Transfer (
).
- On the screen that appears, the Account Type and Entity for the selected SFTP user is selected.
- Select the New Owner, then click Submit.
Available selections include individuals that have permission to create / manage SFTP IDs.
- Confirm the submission by completing authentication.
A confirmation banner appears, indicating successful transfer.
- After completing the transfer, reset the password (
), then contact EASE to activate the SFTP ID.
- Select Generate Password, then Copy (
) the password.
Note: Use the copy function for entity system setup or storing the system generated password in a secure location / file.
A security code is sent to the mobile phone number registered to the Profile.
- Confirm the code then click Submit.

Accessing SFTP Data and Reports
Using SFTP, you can connect to CME Group systems to send and receive files, using an application enabled for ssh encrypted login.
Public / private key authentication is allowed to secure connections, using SSH public key file format (RFC4716).
- To establish a connection and access files:
- Using the password, SSH or PGP key authentication, log in to access CME Group directories (incoming / outgoing):
Futures & Options / BrokerTec / EBS: Production access via internet
- Address: sftp.cmegroup.com
- IP address: 205.209.196.150
- Port: 22
Futures & Options: Production access via leased line WAN
- Address: sftp.cmegroup.com
- WAN CDN connection VPN IP address: 167.204.72.96
- WAN Futures &Options: 167.204.41.34
- Port: 22
BrokerTec: Production access via leased line WAN
- Address: sftp.cmegroup.com
- WAN CDN connection VPN IP address: 167.204.72.96
- Port: 22
EBS: Production access via leased line WAN
- Address: sftp.cmegroup.com
- IP address: 167.204.72.206
- Port: 22
- After successful login, the root directory appears with default directories to access files.
Directory paths are case sensitive and must be entered exactly as indicated.
Folders and directory path are available as described below:
- incoming: Confidential data files submitted by firms. Firms upload files as required by CME Group.
- outgoing: Confidential files, from CME Group, for firms to download and review or complete.
- pub: A file folder that can be setup with subdirectories to send and receive files.
- Sample report filenames:
BrokerTec
- BTEC111_IDY.[Business_Date].BTEU.[GFID].[master account].csv
- BTEC111_EOD.[Business_Date].BTEU.[GFID].[master account].csv
EBS: End of Day report format
EREP
- CEOD200_EBS_(GFID)_yyyy-mmm-dd.csv
In this example CEOD200 is the EOD Client Order Events - EBS Market - Daily Report, which is available via EREP.
- CEOD200_EBS_(GFID)_yyyy-mmm-dd.csv
SFTP
- CEOD200_(yyyymmmdd).EBS.(GFID).OG_(CID).csv
In this example CEOD200 is the EOD Client Order Events - EBS Market - Regulatory - Daily Report, which is available via SFTP.
- CEOD200_(yyyymmmdd).EBS.(GFID).OG_(CID).csv
Reports are updated at:
US
- 9:00 AM CST
- Intraday: every hour
- 4:30 PM CST

To encrypt your files before uploading to CME SFTP, use the following key.
- Production Environment
https://www.cmegroup.com/content/dam/cmegroup/misc/sftp-key/CMEGroup_PROD_PGP_pubkey.asc