7 Tools CFTC DCM Applicants Actually Need (2026 Comparison)

Seventeen companies filed DCM applications with the CFTC since early 2025. Polymarket paid $112M to acquire an existing registered entity rather than go through the process. Kalshi spent nearly a year. Most applicants are looking at two years or more.

I went looking for software that helps with this process. I found surveillance platforms, AML tools, regulatory change trackers, and an $11B legal AI company. I did not find a single tool built specifically for DCM application preparation.

So I put together this comparison of the tools that actually matter for someone filing a DCM application today. Some of them are excellent at what they do. None of them cover the full picture. And there's one category of tool that straight up doesn't exist yet.

What You're Up Against: 23 Core Principles

Quick context if you haven't read 17 CFR Part 38 cover to cover (you'll need to eventually). CFTC evaluates DCM applications against 23 Core Principles from the Commodity Exchange Act, Section 5(d). These cover everything from trade execution and market surveillance to financial integrity and system safeguards.

The statutory review period is 180 days. That clock only starts when your application is "materially complete." According to Katten, one of the top firms handling these filings, applications "commonly extend well beyond the statutory period, often exceeding two years" because CFTC staff request presentations, circle back on resolved issues, and ask you to rewrite sections you thought were finished.

Budget? Plan for $1-3M in legal counsel alone. Add surveillance technology ($200-500K/year), compliance staff, and the financial resources requirement (12+ months of operating expenses on hand). Total: $5M+ before your exchange processes its first trade.

There's no shortcut. Well, there's one: Polymarket bought QCEX for $112M to bypass the whole thing.

The Tools, Compared

I looked at every vendor that DCM applicants might consider. Here's what each one does, what it costs (when anyone will tell you), and whether it actually helps you get designated.

1. Eventus (Validus Platform)

Best for: Trade surveillance during and after application

This is the closest thing to a must-have for new DCM applicants. Eventus won Market Surveillance Solution of the Year at FOW International Awards 2026, and they've built a specific product for prediction and information markets. That's not an afterthought, it's a dedicated offering.

The Validus platform handles near real-time trade surveillance across equities, options, futures, FX, and digital assets. It processes 150,000 messages per second at peak. Their automation resolves roughly 90% of false positives, which matters when you're staffing a small compliance team.

For your DCM application, having Eventus in your filing signals to CFTC staff that you have real surveillance infrastructure for Core Principle 4 (Prevention of Market Disruption). Clients include EDX Markets, Deribit, and several tier-1 banks.

Pricing isn't published, but they position themselves as more cost-effective than NICE Actimize or Nasdaq SMARTS. No lock-in contracts. For a startup exchange, probably the best surveillance option.

DCM relevance: 9/10. Covers Core Principles 4, 5, 12. Essential for application and ongoing operations.

2. AscentAI (formerly Ascent RegTech)

Best for: Mapping your policies to Part 38 obligations

This is the one that surprised me. Ascent's AI reads regulatory text, breaks it into discrete obligations ("DCM must maintain audit trail for X years"), and maps each obligation to your internal policies and controls. When a rule changes, the system flags which obligations are affected.

The CFTC/Part 38 is explicitly in their coverage. So are CME, CBOT, NYMEX, CBOE, ICE, NFA, SEC, and FINRA. ING and Commonwealth Bank reportedly generated MiFID II obligations in 2.5 minutes using Ascent, compared to 1,800 hours manually.

They were acquired by Edgewater Equity Partners in January 2024 and rebranded to AscentAI in March 2025. Raised $26.7M over 3 rounds. G2 rating: 4.3/5 with a learning curve.

Pricing is custom and channel-based (you pay per regulatory framework you subscribe to). Nobody publishes numbers.

One caveat: Ascent maps obligations but doesn't check whether your documents actually satisfy them. It tells you "you need a position limit policy under Core Principle 5" but doesn't read your rulebook to check if your position limit policy is good enough. That gap matters.

DCM relevance: 8/10. Best available tool for obligation mapping. Doesn't validate compliance, just identifies what's required.

3. Harvey.ai

Best for: Your outside counsel, not you

Harvey hit $11B valuation in March 2026. $190M+ ARR. 1,300 organizations and 100,000 lawyers use it. It's the clearest signal that institutions will pay for AI-powered legal tools.

But here's the thing. Harvey is built for law firms. Contract analysis, legal research, document review, case law synthesis. It's very good at these. Your outside counsel at Katten or WilmerHale probably uses it.

It does not map your exchange architecture to 17 CFR Part 38 requirements. It does not check whether your rulebook satisfies Core Principle 2's monitoring obligations. It does not know the difference between what the regulation says on paper and how CFTC staff actually interpret it during the designation process.

I tried using general-purpose legal AI for compliance mapping once. The results were fine for background research. Useless for identifying whether a specific rule in your exchange's Chapter 5 actually meets the abusive trading practice requirements under Section 38.152. The models don't have the domain-specific understanding of regulatory application versus regulatory text.

Pricing: estimated $1,000-1,200 per seat per month, 12-month contracts, ~20 seat minimums. Annual entry point around $240K. Enterprise-only.

DCM relevance: 3/10. Your lawyers might use it. You won't benefit directly.

4. NICE Actimize (Markets Surveillance Cloud)

Best for: Enterprise-grade surveillance (if you can afford it)

NICE Actimize holds roughly 45% of the financial crime prevention market. Their Markets Surveillance Cloud covers every asset class you can think of: equities, options, futures, FX, fixed income, digital assets. Market data from 100+ markets included at no extra charge.

For DCM applicants, having Actimize in your filing carries weight. It's what the big exchanges use. The CFTC itself uses Nasdaq's surveillance technology, and Actimize competes at that level.

The problem is cost. Full deployments run $500K+ annually, with implementation costs that can hit seven figures. For a funded crypto exchange, maybe. For a startup prediction market, probably not. Eventus is the more practical choice for most new applicants.

G2 satisfaction: 73%. Users praise the coverage, complain about the learning curve and integration complexity.

DCM relevance: 7/10. Gold standard for surveillance, but priced for incumbents, not startups.

5. SteelEye + FundApps (merged Nov 2025)

Best for: Recordkeeping, reporting, and position monitoring

These two merged in November 2025 with FTV Capital backing. Combined ARR approaching $63M. 350 clients across 18 countries.

The combined platform covers trade and communications surveillance, recordkeeping, best execution, transaction reporting (SteelEye side), plus shareholding disclosure and position limits monitoring across 100+ jurisdictions (FundApps side). They monitor $30 trillion in assets under management.

Here's what matters for DCM applicants: SteelEye explicitly covers CFTC Rule 38.156 (automated trade surveillance for DCMs), recordkeeping under 17 CFR 1.31, and swap data reporting under 17 CFR 45/46/49. They already serve commodities firms.

Pricing: custom enterprise. Not published.

DCM relevance: 7/10. Covers surveillance, recordkeeping, and position limits. Three Core Principles in one vendor.

6. CUBE

Best for: Tracking regulatory changes after designation

CUBE does regulatory intelligence and change management. Their AI tracks regulatory updates globally, classifies them by relevance, and alerts your compliance team to changes that affect your obligations. About 40% of tier-1 financial institutions globally use them. They acquired Thomson Reuters Regulatory Intelligence in December 2024.

For a DCM applicant, CUBE is a "later" purchase. During the application process, you need to show the CFTC your compliance framework, not your regulatory change monitoring setup. After designation, when the CFTC issues new guidance or amends Part 38 rules, CUBE helps you stay current.

Around 700 employees including 250 regulatory subject matter experts. Revenue more than doubled since start of 2024. Backed by Hg Capital.

Pricing: enterprise custom. Mid-market product (RegPlatform Intel) available for smaller firms.

DCM relevance: 4/10. Valuable post-designation. Not useful during the application process.

7. Behavox

Best for: Communications surveillance

Behavox monitors voice, email, chat, and instant messaging (150+ data types) for compliance breaches. Their claim to fame: 90% reduction in false positives. Over 100 major financial institution clients, including BNY Mellon.

For DCM applicants, communications surveillance supports Core Principle 2 (Compliance with Rules) and helps detect insider trading and market manipulation through communication channels. Behavox actually submitted a formal response to the CFTC in April 2024 advocating for AI-driven surveillance approaches.

Their AI models are fully auditable and meet SR 11-7 model risk compliance, which matters when regulators scrutinize your surveillance methodology.

Raised between $168M and $296M (sources vary). Latest: $70M debt financing from Hercules Capital in October 2024. 30%+ ARR growth in 2025.

DCM relevance: 5/10. Addresses one slice of compliance. Important for ongoing operations, nice-to-have for the application.

The Gap Nobody Fills

Here's what's missing from every tool on this list:

Core Principle compliance checking. Upload your rulebook and compliance manual, map them against all 23 Core Principles, and see where you have gaps before you file. No vendor does this. Ascent maps obligations but doesn't read your documents to check if they're met. Harvey reads documents but doesn't understand Part 38 specifics.

Pre-submission readiness scoring. Before you file, know where your application stands. Which Core Principles are covered? Which have gaps? What evidence is missing? Currently this evaluation happens in conference rooms with $800/hour lawyers.

Document-to-regulation mapping. Take your actual exchange rules, your actual compliance manual, your actual system safeguards documentation, and check them against the specific requirements in 17 CFR Part 38. Not keyword matching. Actual semantic understanding of whether your Rule 5.17 on abusive trading practices satisfies Section 38.152's requirements.

That's what RegFo does.

We're already doing this for a DCM applicant. Upload your Rulebook and Compliance Manual, and the system reads every rule, every section, every subsection against Part 38 requirements. Not keyword matching. The AI understands whether your Rule 5.17 on abusive trading practices actually satisfies what Section 38.152 asks for, or just mentions the right words.

One example: CFTC staff sent over 100 questions to a DCM applicant we work with. Questions like "Please amend Rule 11.1(3) to include the SEF reference as required by Commission regulation 38.7." RegFo parsed every question, matched it to the specific section in the Rulebook or Compliance Manual, identified where the existing text falls short, and drafted the amendment language. The compliance team spent their time reviewing and approving, not hunting through 200 pages of regulatory text.

The coverage matters here. 97% of those CFTC questions mapped directly to indexed sections in the applicant's documents. The 3% that didn't? Questions referencing documents the applicant hadn't uploaded yet. Not a model failure, a data gap we flagged.

Every gap RegFo catches before submission is a round of CFTC back-and-forth you don't have. At $800/hr for outside counsel and 2+ year timelines, finding gaps early isn't a nice-to-have. It's the difference between a 14-month process and a 26-month one.

We started with regulatory compliance checking for biotech, mapping study documents against FDA/ICH requirements. The core problem is identical: take a company's actual documents, check them against hundreds of regulatory requirements, and show exactly what's missing and where to fix it. We've run that playbook on 373 FDA requirements. Now we're running it on CFTC's 23 Core Principles.

If you're preparing a DCM application, try RegFo or reach out. We're not trying to replace your legal counsel. We're trying to make sure you're not paying them $800/hr to find gaps a machine can catch in 60 seconds.

What You Should Actually Buy (Summary)

Total realistic budget for a de novo DCM application: $5-8M in the first two years. Or $112M if you'd rather buy an existing entity.