Technical writing
CFTC Enforcement Actions: The Federal Database Behind Commodity Market Fraud Penalties
The Commodity Futures Trading Commission enforcement database covers every civil action, consent order, and default judgment for violations of the Commodity Exchange Act — manipulation, fraud, spoofing, wash trading, unregistered trading, and crypto asset fraud — with penalties totaling billions annually.
The CFTC and its jurisdiction
The Commodity Futures Trading Commission is an independent federal agency created by the Commodity Futures Trading Commission Act of 1974. Its mandate is to regulate US derivatives markets: futures contracts, options on futures, and swaps on commodities spanning energy, metals, agricultural products, and financial instruments including interest rates, foreign exchange, and equity indexes. The statutory authority flows from the Commodity Exchange Act, which the CFTC enforces through both civil administrative proceedings and civil actions in federal court.
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 dramatically expanded CFTC jurisdiction over the over-the-counter swap market — the largest category of unregulated derivatives trading in the years before the 2008 financial crisis. Dodd-Frank brought interest rate swaps, credit default swaps, and foreign exchange swaps under CFTC reporting and clearing requirements for the first time, and gave the CFTC authority to enforce anti-manipulation and anti-fraud provisions in those markets.
The CFTC and the Securities and Exchange Commission share an unresolved jurisdictional boundary over crypto assets. The SEC asserts that most crypto tokens are securities; the CFTC asserts that Bitcoin and Ether are commodities and therefore within its anti-fraud and anti-manipulation authority. The CFTC has brought more than fifty crypto enforcement actions since 2014, including several of the largest civil penalties in the agency's history, while the boundary dispute with the SEC continues in courts and Congress.
Major violation categories
CFTC enforcement actions cluster into five substantive violation types, each with its own analytical signature in the public enforcement record.
Market manipulation is the broadest category and encompasses several distinct trading practices. Spoofing — placing orders with the intent to cancel them before execution, in order to create a false impression of supply or demand — became a named statutory offense under Dodd-Frank Section 747 and has generated the largest single-firm penalties in CFTC history. JPMorgan's $920 million spoofing settlement in 2020, covering precious metals and US Treasury futures traders on the bank's proprietary desk, remains the largest spoofing penalty ever assessed by any regulator. Wash trading — buying and selling the same instrument simultaneously to generate artificial volume — and banging the close — executing large orders in the final minutes of a settlement window to push the settlement price — are the other principal manipulation forms.
Fraud in commodity pools and commodity pool operators covers Ponzi schemes and misrepresentation to investors. Commodity pools are funds that trade futures and commodity interests; operators of such pools (CPOs) and advisers to such pools (CTAs) are required to register with the CFTC and the National Futures Association. When CPO operators solicit investor funds with false performance claims or divert pool assets to personal use, the CFTC brings civil fraud claims under CEA Section 4b and 4o.
Unregistered activity covers operating as a CPO, CTA, futures commission merchant (FCM), or swap dealer (SD) without the required CFTC registration. Registration triggers capital, recordkeeping, and customer protection requirements. Crypto exchanges that accepted US customers for futures-style trading without CFTC registration became the primary target of this category in the 2020s: BitMEX paid $100 million in 2021, Binance paid $2.7 billion in 2023 — the largest crypto settlement in CFTC history.
Reporting failures under Dodd-Frank encompass swap data reporting obligations. Dodd-Frank requires that all swap transactions be reported to registered swap data repositories (SDRs), enabling the CFTC to monitor systemic risk in the OTC derivatives market. Failures to report, late reporting, and inaccurate reporting each constitute separate violations. Major dealer banks have paid tens of millions of dollars for swap data reporting failures in actions coordinated with the CFTC's Market Participants Division.
Crypto asset fraud has grown from a niche category to a dominant enforcement priority. BitConnect, the fraudulent crypto lending platform that collapsed in 2018, generated a $2.4 billion CFTC complaint. OneCoin, the scheme operated by Ruja Ignatova — the “Cryptoqueen” — generated related CFTC proceedings. The FTX collapse in November 2022 produced the largest single CFTC complaint in the agency's history: a $12.7 billion civil complaint against Sam Bankman-Fried and FTX Trading Ltd for commingling customer funds, making false reports to the agency, and operating a fraudulent trading platform. That action was filed jointly with a parallel DOJ criminal indictment and SEC civil charges.
High-profile cases
The LIBOR manipulation settlements represent the largest coordinated enforcement action in CFTC history by total penalty dollar volume. Beginning with the Barclays $200 million settlement in June 2012 — the first LIBOR settlement by any regulator — the CFTC proceeded through a series of actions against Deutsche Bank ($800 million, 2015), Goldman Sachs ($120 million, 2016), Bank of America ($100 million, 2020), and others. Across CFTC, DOJ, and foreign regulator settlements, total LIBOR penalties exceeded $9 billion. The underlying conduct involved traders at major dealer banks colluding to submit false rate submissions that skewed the benchmark rates underpinning hundreds of trillions of dollars in financial contracts globally.
The FX spot market manipulation actions in 2015 targeted five major banks — Citigroup, JPMorgan, Barclays, RBS, and UBS — for coordinated manipulation of EUR/USD exchange rates in the minutes around the 4pm London fix. Traders at these banks shared customer order flow information through private electronic chatrooms and coordinated their trading to move the fix in directions favorable to their own proprietary positions. CFTC fines for the five banks totaled approximately $1.6 billion, with DOJ plea agreements and foreign regulator fines layered on top.
The Binance action in March 2023, charging Binance and its CEO Changpeng Zhao with operating an unregistered futures exchange and willfully evading CFTC regulations by serving US customers, resulted in a $2.7 billion settlement — the largest crypto settlement in CFTC history and among the largest in any regulatory domain. The concurrent DOJ plea agreement required Zhao to step down as CEO and pay a personal fine of $50 million.
The enforcement process
The CFTC's Division of Enforcement employs approximately 200 attorneys and investigators organized into specialized units covering manipulation, fraud, swaps, crypto, and international coordination. Investigations can be initiated by market surveillance alerts, whistleblower tips, examination referrals from the Division of Market Oversight, or referrals from self-regulatory organizations including the National Futures Association and derivatives exchanges such as CME Group.
Civil actions are filed in federal district court under CEA Section 6c. The CFTC seeks injunctive relief, disgorgement of profits, restitution to harmed customers, and civil monetary penalties. Penalties under Section 6c(d) are capped at the greater of $1 million per violation (adjusted for inflation) or triple the monetary gain from the violation. The triple-gain multiplier is what drives the headline numbers in large institutional manipulation cases: if a bank profited $300 million from spoofing, the statutory ceiling on civil penalties alone is $900 million, before disgorgement.
Consent orders are the most common resolution. The respondent neither admits nor denies the CFTC's findings, agrees to pay a specified penalty and disgorgement, and undertakes compliance enhancements. The consent order is entered as a federal court judgment. Where a parallel criminal action exists, the DOJ deferred prosecution or plea agreement typically requires admissions of fact that the CFTC consent order can then reference without requiring a separate admission.
Default judgments occur when a respondent fails to appear or respond to the CFTC's complaint. Many crypto Ponzi scheme defendants have defaulted, resulting in maximum-penalty judgments that are often uncollectable because the defendant's assets have been dissipated. The FTX and BitConnect complaints generated large default-related orders against individual co-conspirators alongside the main settlement amounts.
Whistleblower awards are governed by CEA Section 23, which entitles a whistleblower to between 10% and 30% of sanctions collected in a covered action exceeding $1 million. The CFTC Whistleblower Program, established by Dodd-Frank in 2010, has paid more than $350 million in awards through 2024. The JPMorgan spoofing settlement in 2020 was reported to have had a whistleblower component, though award amounts are not disclosed by respondent case.
Accessing CFTC enforcement data
The CFTC's primary public enforcement record is the Enforcement Actions page at cftc.gov/LawRegulation/Enforcement/EnforcementActions.html. The page organizes press releases chronologically and by year, with each entry linking to the full press release describing the charges, respondents, and penalty amounts. The page is HTML-rendered and does not expose a structured data feed or bulk download.
Unlike the SEC's EDGAR system or the DOJ's press release API, the CFTC does not publish a machine-readable enforcement database. Each action is a PDF press release linked from the HTML index. The underlying court filings are publicly docketed in PACER under the district court where the CFTC filed its civil complaint. For structured enforcement data at scale, practitioners typically scrape the press release index, parse the headline dollar amounts from press release text using regular expressions, and cross-reference against PACER dockets for the underlying complaint and consent order documents.
The CFTC does publish an Annual Enforcement Reportwith aggregate statistics by violation category, total penalty amounts, and whistleblower program metrics. These reports are downloadable PDFs and serve as the authoritative source for year-over-year trend analysis when case-level data is not required. The agency also publishes a whistleblower awards list, updated when new awards are announced, that identifies the covered action and the percentage awarded without naming the whistleblower.
For programmatic access to coordinated DOJ/CFTC actions, the DOJ press release API (at justice.gov) filtered to CFTC-tagged releases provides more structured metadata than the CFTC's own site. PACER, accessed through the federal PACER system or commercial legal databases, provides the underlying complaint, consent decree, and all subsequent filings in district court cases.
Analyzing the enforcement record
Because the CFTC does not provide a structured data API, the following Python script uses an embedded dataset of major enforcement actions from 2014 through 2024 — covering LIBOR, FX manipulation, spoofing, unregistered crypto exchanges, and crypto asset fraud — to demonstrate the analytical patterns applicable to the full scraped dataset. The script computes penalties by year, penalties by violation type, the ten largest individual actions, the trend in crypto versus traditional commodity cases from 2018 through 2024, and whistleblower awards paid by year:
import csv
import sys
from collections import defaultdict
# Representative dataset of major CFTC enforcement actions 2014-2024.
# No structured enforcement API exists; cases are published as press releases.
# This embedded dataset covers LIBOR, FX, spoofing, crypto, and CPO/CTA fraud.
ACTIONS = [
# year, respondent, violation_type, penalty_usd, crypto, whistleblower_related
(2014, "Barclays (LIBOR)", "LIBOR Manipulation", 200_000_000, False, False),
(2015, "Deutsche Bank (LIBOR)", "LIBOR Manipulation", 800_000_000, False, False),
(2015, "Citigroup (FX)", "FX Manipulation", 310_000_000, False, False),
(2015, "JPMorgan (FX)", "FX Manipulation", 310_000_000, False, False),
(2015, "Barclays (FX)", "FX Manipulation", 400_000_000, False, False),
(2015, "RBS (FX)", "FX Manipulation", 290_000_000, False, False),
(2015, "UBS (FX)", "FX Manipulation", 290_000_000, False, False),
(2016, "Goldman Sachs (LIBOR)", "LIBOR Manipulation", 120_000_000, False, False),
(2016, "Kraft Foods Group", "Market Manipulation", 16_000_000, False, False),
(2017, "DRW Cumberland LLC", "Market Manipulation", 0, False, False),
(2018, "Merrill Lynch (spoofing)", "Spoofing", 25_000_000, False, False),
(2018, "BitConnect (crypto)", "Crypto Fraud", 2_400_000_000, True, False),
(2019, "Deutsche Bank (spoofing)", "Spoofing", 30_000_000, False, False),
(2019, "Tower Research Capital", "Spoofing", 67_400_000, False, False),
(2019, "Tether / Bitfinex", "Crypto Fraud", 18_500_000, True, False),
(2020, "JPMorgan (spoofing)", "Spoofing", 920_000_000, False, True),
(2020, "Bank of America (LIBOR)", "LIBOR Manipulation", 100_000_000, False, False),
(2020, "HSBC (spoofing)", "Spoofing", 45_000_000, False, False),
(2021, "NatWest (spoofing)", "Spoofing", 35_000_000, False, False),
(2021, "BitMEX", "Unregistered Trading", 100_000_000, True, False),
(2021, "Trafigura (manipulation)", "Market Manipulation", 55_000_000, False, False),
(2022, "FTX / Sam Bankman-Fried", "Crypto Fraud", 12_700_000_000, True, False),
(2022, "Gemini Trust", "Reporting Failure", 5_000_000, True, False),
(2022, "Goldman Sachs (spoofing)", "Spoofing", 56_000_000, False, False),
(2023, "Binance / CZ", "Unregistered Trading", 2_700_000_000, True, False),
(2023, "Ooki DAO", "Unregistered Trading", 644_000, True, False),
(2023, "Celsius Network", "Crypto Fraud", 4_700_000, True, False),
(2023, "Jump Trading (Terra)", "Market Manipulation", 123_000_000, True, False),
(2024, "KuCoin", "Unregistered Trading", 7_500_000, True, False),
(2024, "Panasea / OneCoin related", "Crypto Fraud", 600_000_000, True, False),
]
# Whistleblower awards by year (from CFTC annual reports; awards lag actions by years)
WHISTLEBLOWER_AWARDS = {
2016: 10_000_000,
2017: 37_000_000,
2018: 75_000_000,
2019: 21_000_000,
2020: 182_000_000,
2021: 45_000_000,
2022: 52_000_000,
2023: 16_000_000,
2024: 35_000_000,
}
# ── (a) Total penalties by year ───────────────────────────────────────────────
penalties_by_year = defaultdict(float)
for year, _, _vtype, penalty, _c, _w in ACTIONS:
penalties_by_year[year] += penalty
print("=== Total Penalties by Year ===")
for year in sorted(penalties_by_year):
total = penalties_by_year[year]
bar = "#" * int(total / 100_000_000)
print(f" {year}: ${total/1e9:.2f}B {bar}")
# ── (b) Penalties by violation type ──────────────────────────────────────────
penalties_by_type = defaultdict(float)
count_by_type = defaultdict(int)
for _, _, vtype, penalty, _, _ in ACTIONS:
penalties_by_type[vtype] += penalty
count_by_type[vtype] += 1
print("\n=== Penalties by Violation Type ===")
for vtype, total in sorted(penalties_by_type.items(), key=lambda x: -x[1]):
print(f" {vtype:<30} ${total/1e9:.3f}B ({count_by_type[vtype]} actions)")
# ── (c) Top 10 largest individual actions ────────────────────────────────────
print("\n=== Top 10 Largest Individual Actions ===")
top10 = sorted(ACTIONS, key=lambda x: -x[3])[:10]
for rank, (year, respondent, vtype, penalty, _c, _w) in enumerate(top10, 1):
print(f" {rank:>2}. {year} {respondent:<35} ${penalty/1e9:.3f}B [{vtype}]")
# ── (d) Crypto vs. traditional commodity cases 2018-2024 ──────────────────────
print("\n=== Crypto vs. Traditional Cases 2018-2024 ===")
print(f" {'Year':<6} {'Crypto Actions':>14} {'Traditional Actions':>19} {'Crypto %':>9}")
for year in range(2018, 2025):
year_actions = [a for a in ACTIONS if a[0] == year]
crypto = sum(1 for a in year_actions if a[4])
trad = sum(1 for a in year_actions if not a[4])
total = crypto + trad
pct = (crypto / total * 100) if total else 0
print(f" {year:<6} {crypto:>14} {trad:>19} {pct:>8.0f}%")
# ── (e) Whistleblower awards paid by year ────────────────────────────────────
print("\n=== CFTC Whistleblower Awards Paid by Year ===")
cumulative = 0
for year in sorted(WHISTLEBLOWER_AWARDS):
award = WHISTLEBLOWER_AWARDS[year]
cumulative += award
print(f" {year}: ${award/1e6:>6.1f}M paid (cumulative: ${cumulative/1e6:.1f}M)")
The embedded dataset covers roughly thirty cases and skews toward the largest actions. A complete dataset built from scraping the CFTC press release index would contain hundreds of cases per year, many of them smaller CPO/CTA fraud actions with penalties in the hundreds of thousands of dollars rather than billions. The largest cases dominate total penalty dollars: the top five actions by penalty amount — FTX, Binance, BitConnect, JPMorgan spoofing, and Deutsche Bank LIBOR — account for the majority of all CFTC civil penalty dollars collected over the past decade.
Limitations and structural gaps
The CFTC enforcement record has several structural limitations that affect how it should be interpreted. First, like all enforcement databases, it captures only cases the agency chose to charge. The CFTC's Division of Enforcement exercises broad discretion over which investigations to close without action and which to proceed with — that discretion is not itself a matter of public record. Investigations that result in referrals to the NFA or to foreign regulators without a CFTC action leave no trace in the enforcement database.
Second, penalty amounts in press releases often combine disgorgement, restitution, and civil penalties without itemizing them separately. The headline number in a consent order may include restitution to identifiable customers, disgorgement of profits, and punitive civil penalties in proportions that vary by case and are not always disclosed in the press release. The underlying consent order, filed as a PACER document, contains the exact allocation but requires per-case retrieval.
Third, default judgment amounts against insolvent or fugitive defendants — common in crypto fraud cases — may not be collectible. The nominal penalty in a CFTC default judgment against a collapsed Ponzi scheme bears no relationship to the amount actually returned to investors. Annual enforcement reports include both “orders” (total statutory penalties assessed) and “collected” amounts, and the gap between the two is substantial in years with large crypto default judgments.
Fourth, the jurisdictional boundary with the SEC means that some crypto enforcement actions are split between agencies or brought exclusively by the SEC. Comparing CFTC crypto enforcement statistics to SEC crypto enforcement statistics without accounting for overlap and exclusive jurisdiction produces double-counting. The FTX action, for example, generated parallel CFTC and SEC civil complaints against Bankman-Fried and associates; the penalty amounts in each complaint are not additive.
Related: SEC enforcement actions · FinCEN BSA enforcement
Part of the Federal Regulatory Data Hub.