NFA Amends Interpretive Notice Regarding Cybersecurity Programs

January 16, 2019

On January 7, 2019 the National Futures Association provided additional guidance on the required cybersecurity practices of certain NFA members by amending its Interpretive Notice entitled NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs.

The Interpretive Notice currently requires each NFA member futures commission merchant, commodity trading advisor, commodity pool operator, introducing broker, retail foreign exchange dealer, swap dealer and major swap participant to implement a written information systems security program and enact other cybersecurity procedures sufficient to identify, address and respond to cybersecurity incidents.  The amendments to the Interpretive Notice are informed by NFA examinations of member ISSPs since the Interpretive Notice became effective in March 2016.  They are intended to clarify certain common questions posed by NFA members related to internal approvals of the ISSP and employee training.  The amendments additionally impose a new notification requirement for specified cybersecurity incidents.

Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.