Good morning. Thank you for the kind invitation to deliver keynote opening remarks at the RegHub Summit and to join TradingHub Executive Chair Neil Walker for a fireside chat. I appreciate that you have historically had the pleasure of hearing from the most senior regulators in our industry including our immediate past Commodity Futures Trading Commission (CFTC) Chairman, Russ Behnam; President and CEO of the National Futures Association, Tom Sexton; and a recent past Director of Enforcement, Ian McGinley.
I’ll hope to offer insights to complement the important and cutting edge topics that you will explore today including managing model risk in trade surveillance, best practices for validation and compliance, and building a unified approach to trade surveillance and data governance. Mostly, I’ll aim to be brief and, if I am correctly using these idioms, not put a foot wrong or let the side down. To that end, I should acknowledge that that the views I express today are my own and not the views of the Commission, my fellow Commissioners or the staff of the CFTC.
Three Dimensions of a Financial Markets Governance and Compliance Framework
Financial regulation in the U.S. significantly depends on a three-dimensional approach to regulatory compliance.
First, from the earliest periods of community or state-based regulation in the U.S.—which only go as far back as the late 1700s—you could argue that our regulation has required entities operating in financial markets to police themselves. In other words, market participants must demonstrate a commitment to ensuring compliance with applicable regulations and reporting instances of disruption or compliance failures.
Second, our regulation imposes both formal and informal (soft law) requirements on firms operating as critical market infrastructure resources. These entities, and in some instances, industry trade associations, have exercised market policing authority. In 1792, for example, twenty-four stock-brokers gathered under a buttonwood tree in lower Manhattan in New York City to sign the Buttonwood Agreement.[1] While I am fairly certain they were not sorting out a crypto regulatory framework, addressing complex issues such as initial and variation margin requirements during periods of heightened market distress, default risk management, cross-product margining, or clearing U.S. Treasuries, they were establishing a precedent that would serve as a foundational understanding in U.S. financial markets regulation: firms and industry have obligations to facilitate market stability, market integrity, and surveil markets for evidence of fraud and manipulation.
Third, financial market regulators play an important role in supervising markets and enforcing expectations regarding compliance. At the CFTC, our principles-based regulation includes a supervision framework where organizations that play a critical role in market infrastructure, such as exchanges and clearing organizations, engage in surveillance and report to the Commission on the compliance of intermediaries.[2] Within individual organizations, registered market participants are charged with supervising the actors who directly engage in trading as well as actors who directly engage in customer solicitation.[3]
Relying on firms to engage in market surveillance and intermediaries to engage in supervision balances the costs and obligations of supervision. We might describe the three legs of this regulatory framework as a governance and compliance framework.
Technology-Driven Governance and Compliance
In recent years, the advent of increasingly sophisticated artificial intelligence (AI) technologies have promised to enable faster, more efficient, reduced cost supervision and compliance capabilities.
This observation is not a revelation to anyone in this room. For decades, financial markets have integrated machine learning algorithms as a central aspect of predictive analytics. Increasingly advanced AI technologies—supervised and unsupervised machine learning algorithms, neural networks, generative AI and more recently agentic AI—have accelerated both interest in and adoption of AI for broader front office, back office, reporting, and supervision and monitoring obligations that arise in financial markets regulation.
Requests for Information Regarding the Adoption of AI: CFTC, Federal Regulators, and Global Initiatives
Over the last several years, I have worked closely with our Commission, other federal regulators, regulators around the world, and market participants to understand the benefits and limits of integrating AI into financial markets compliance and surveillance infrastructure.
I actively worked with the CFTC senior staff across all divisions to develop the Commission’s first request for comment (RFC) on the uses of AI in CFTC-regulated markets.[4] It’s been a priority of mine to engage with the staff, as well as our registrants, about issues related to AI long before that RFC, and remains so to this date. Compliance use cases were identified by a number of market participants as AI uses in CFTC-registered markets.[5] This is consistent with a trend that has been identified in financial markets more broadly. I also worked directly or participated in the development of consultations organized by the U.S. Department of the Treasury (Treasury) and global international standard setting bodies seeking to better understand AI compliance and surveillance use cases.
Many industry trade associations are similarly engaged in better understanding the potential for AI use cases. The Institute of International Finance (IIF), for example, surveys its members annually about its uses of artificial intelligence and machine learning. In the most recent IIF survey report, published in January 2025, compliance (including anti-money laundering and trade surveillance) ranked in the top four predictive AI use cases for respondents.[6] Treasury’s report on Artificial Intelligence in Financial Markets reports that “AI is widely used for…AML/CFT and sanctions compliance, including analyzing large sets of data, detecting anomalies, flagging suspicious activities, and verifying customer identities under the Bank Secrecy Act (BSA) obligations.”[7] Other publications contain similar observations about compliance use cases as AI adoption in financial services continues to develop.[8]
A recent consultation report published by the International Organization of Securities Commissions (IOSCO) on AI in capital markets reports that IOSCO members and self-regulatory organizations (SROs) observed that market participants are:
using AI to enhance the effectiveness of AML and CFT measures, particularly, and compliance more generally, including to identify suspicious transactions. For AML compliance, customer onboarding, and due diligence, respondents observed that market participants use ML models to perform pattern recognition and anomaly detection in surveillance software. They also use NLP to enhance the interpretation of unstructured data and to facilitate name screening and news analysis.[9]
The IOSCO Report also noted that other recent reports had consistent findings, and cited numerous industry reports about how large language models (LLMs) are used for compliance tasks.[10]
AI and Trade Surveillance
Indisputably, AI technologies demonstrate significant potential for enhancing trade surveillance. The recent IOSCO Report referenced earlier notes the incorporation of “AI tools in surveillance and security solutions that could assist market participants to monitor client communications such as emails, calls, and mobile chat applications, and could raise alerts on suspicious communications for compliance review and investigation.”[11]
One of the reasons that the markets that the CFTC regulates are the deepest and most liquid in the world is that our regulatory framework includes measures designed to ensure the integrity of the markets, a necessary feature for markets that so many rely on to hedge and manage risk.
For example, Section 5 of the Commodity Exchange Act (CEA) sets forth core principles for designated contract markets (DCMs) that require DCMs to “establish, monitor, and enforce” compliance with a DCM’s rules and to establish and enforce certain rules and procedures to ensure financial stability of transactions on the DCM.[12] The implementing rules for each of these core principles include requirements related to surveillance. Rule 38.156 requires a DCM to “maintain an automated trade surveillance system capable of detecting and investigating potential trade practice violations” and includes additional requirements for the system including certain capabilities, features and timing.[13] Rule 38.604 states that “A designated contract market must monitor members' compliance with the designated contract market's minimum financial standards and, therefore, must routinely receive and promptly review financial and related information from its members, as well as continuously monitor the positions of members and their customers.”[14] Similarly, Section 5h of the CEA establishes compliance with rules and financial integrity as core principles for swap execution facilities (SEFs),[15] and implementing rules include requirements on SEFs to maintain an automated trade surveillance system pursuant to Rule 37.203 as part of their required rule enforcement program.[16]
These are just a few examples, and perhaps one of the many reasons that it is not surprising to me that CFTC-regulated markets have always been among the most technology-forward, including with its use of AI.
I continuously advocate for a number of policy initiatives related to AI, and the first one is the most fundamental: collaboration. I hope to continue to be able to learn how we can work together to discover how AI can be leveraged to enhance registrants’ ability to comply with our existing requirements, and to support a stronger, safer, and more vital derivatives market, while also enhancing efficiencies for registrants.
A discussion of potential uses of AI in the derivatives markets requires also considering the broader financial market landscape. The IOSCO Report noted that respondents “observed efforts to enhance surveillance measures in the financial industry through the development of joint systems that can be used by multiple financial institutions to share data and intelligence to mitigate types of threats utilizing AI and other technologies.”[17]
I have advocated for a number of policy initiatives related to AI consistently throughout my time at the Commission, and one of those policies is inter-governmental collaboration with other financial market regulators in the U.S. and globally. If we do not work together, we risk missing out on significant opportunities not only to learn from each other and build on best practices, but also opportunities to create broader initiatives that make our markets safer and more efficient.
A Pause to Look Under the Hood
As we consider the possibilities, we also need to be mindful of the risks. As AI tools become further integrated into organizational processes, especially those that relate to critical compliance or surveillance functions, those organizations, as well as regulators, need to have appropriate assurances that the tools will operate safely and reliably.
It is imperative that we have a clear understanding of and appropriate guardrails to ensure the security and integrity of the data used to train AI models. Data governance must be a foundational, gatekeeping issue for the continued development of AI models, particularly LLMs that may rely on synthetic data. I have frequently raised concerns regarding these risks—including concerns regarding the potential for AI models to hallucinate or lack the ability to comprehend certain real-world roadblocks.[18] Agentic AI models, while able to overcome some of the limitations of generative AI models, are still limited by the data they are able to access.[19] I’ve also spoken about some of the other questions that need to be accounted for as we consider the integration of AI into financial markets, such as promoting explainability, implementing data controls and measures to address bias, focusing on governance of the models, and testing and monitoring output.[20]
Market participants must understand the risks of data leakage which may include reduced accuracy, unfairness and bias, data privacy breaches, and other vulnerabilities.[21] I am hopeful that these are among the issues that participants at the Summit will explore today.
Where Are We Going Next?
Increasingly, I am asked this question on a frequent basis. In the context of AI, I believe there is significant potential for these technologies to enhance the tripartite approach to regulation—my earlier reference to three-dimensions or a three-legged stool of governance and compliance mentioned. Successful integration of AI will require careful consideration by firms and the industry as well as thoughtful regulatory oversight by domestic and international regulators. For a few hundred years, we have been on a journey to create a sound regulatory framework.
My personal journey in service is not nearly as long but I am deeply committed to ensuring that we land on the right path as we integrate and potentially regulate AI. In becoming a CFTC Commissioner, I have had the privilege and the pleasure of fulfilling a personal professional goal—serving my country in a role that I hope fosters a healthy economy that enables responsible innovation, protects customers, and ensures the integrity and stability of financial markets for generations to come.
Thanks for being on this journey with me. I look forward to continuing the conversation with you all today and in the coming years.
[1] Olivia Waxman, How a Financial Panic Helped Launch the New York Stock Exchange, TIME (May 17, 2017), https://time.com/4777959/buttonwood-agreement-stock-exchange/.
[2] See, e.g., 7 U.S.C. § 7a-1(c)(2)(C)(ii); 17 C.F.R. § 39.12(a)(4) (requiring derivatives clearing organizations to have procedures to verify compliance of clearing members with participation requirements).
[3] See, e.g., 17 C.F.R. §§ 38.604-605 (requiring designated contract markets to establish financial surveillance programs for futures commission merchants, retail foreign exchange dealers, and introducing brokers).
[4] CFTC, Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets (Jan. 25, 2024), https://www.cftc.gov/PressRoom/PressReleases/8853-24.
[5] See, e.g., Letter from World Federation of Exchanges to CFTC, Regarding Response to Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets (Apr. 24, 2024), https://comments.cftc.gov/PublicComments/ViewComment.aspx?id=73447&SearchText= (“AI can be used to reduce manual inputs for trade documentation and regulatory reporting, as well as reducing market manipulation….”); Letter from Futures Industry Association, FIA Principal Traders Group, CME Group, Inc., and Intercontinental Exchange Inc. to CFTC, Regarding Release No. 8853-24 (Jan. 25, 2024) Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets (Apr. 24, 2024), https://comments.cftc.gov/PublicComments/ViewComment.aspx?id=73444&SearchText= (“We understand that FIA’s members may utilize AI, now in the future, across a broad array of areas, including…compliance processes and controls.”); Letter from Bank Policy Institute to CFTC, Regarding Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets (CFTC Release No. 8553-24) (Apr. 17, 2024), https://comments.cftc.gov/PublicComments/ViewComment.aspx?id=73424&SearchText= (“Many banking organizations also use AI tools to enhance existing processes that facilitate compliance with BSA/AML and sanctions legal requirements and banking agency expectations. Some of these tools flag potentially suspicious activity, such as suspected money laundering, or potential sanctions concerns.”).
[6] IIF-EY Annual Survey Report on AI/ML Use in Financial Services at 6 (Jan. 2025), https://www.iif.com/portals/0/Files/content/Innovation/2024 IIF-EY Survey Report on AI_ML Use in Financial Services_Public 01.08.25.pdf (the other top three use cases were risk, fraud, and operations).
[7] U.S. Department of the Treasury, Artificial Intelligence in Financial Services: Report on the Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector at 16 (Dec. 2024), https://home.treasury.gov/system/files/136/Artificial-Intelligence-in-Financial-Services.pdf (citations omitted).
[8] For example, a recent report by the Financial Stability Board on the financial stability implications of AI notes, “More broadly, the increasing regulatory requirements over the last seven years across multiple jurisdictions, for example, requirements on data protection, the growing use of principles to guide AI development and adoption, and the growing body of international standards, including in specific sectors such as financial services, have led financial firms to increasingly leverage AI to enhance their compliance capabilities.” Financial Stability Board, The Financial Stability Implications of Artificial Intelligence at 8 (Nov. 14, 2024), https://www.fsb.org/uploads/P14112024.pdf (citation omitted).
[9] IOSCO, Artificial Intelligence in Capital Markets: Use Cases, Risks, and Challenges: Consultation Report (Mar. 2025) at 21-22, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD788.pdf (IOSCO Report).
[10] Id. at 22, 24.
[11] Id. at 24.
[12] 7 U.S.C. § 7(d)(2), (11).
[13] 17 C.F.R. § 38.156.
[14] 17 C.F.R. § 38.604.
[15] 7 U.S.C. § 7b-3(f)(2),(7).
[16] 17 C.F.R. § 37.203(d).
[17] IOSCO, Artificial Intelligence in Capital Markets: Use Cases, Risks, and Challenges: Consultation Report at 23.
[18] See, e.g., Keynote Remarks of Commissioner Kristin Johnson at the Federal Reserve Bank of Dallas: Exploring AI Risk and Opportunities Across the Digital and Cyber Landscape (May 29, 2025), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson19.
[19] Id.
[20] See, e.g., Opening Remarks of Commissioner Kristin N. Johnson at FIA L&C Panel: Futureproofing Financial Markets: AI and Derivatives Markets (Apr. 25, 2024), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson13.
[21] See, e.g., Keynote Remarks of Commissioner Johnson for Governing Data at IIB&L Center and Yale Law Journal of Law & Technology at Yale Law School: Twin Peaks—Emerging Technologies (AI) and Critical Third Parties (Apr. 4, 2025), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson16; see also, Keynote Remarks of Commissioner Kristin Johnson at the Federal Reserve Bank of Dallas: Exploring AI Risk and Opportunities Across the Digital and Cyber Landscape (May 29, 2025), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson19.
