The National Futures Association (NFA) adopted on October 23, 2015 an “Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs” (Notice).1 The Notice requires each NFA Member to adopt an “Information Systems Security Program” (ISSP), and provides guidance as to the NFA’s general requirements for Member information systems security practices.
The Notice will become effective March 1, 2016 – therefore, NFA Members must have an ISSP in place by that date. The requirements set forth in the Notice will apply to all NFA Members, including: commodity pool operators (CPOs); commodity trading advisors (CTAs); introducing brokers (IBs); future commission merchants; retail foreign exchange dealers; swap dealers; and major swap participants.
The NFA stated in its Submission Letter proposing the Notice to the CFTC that the Notice is “consistent” with the cybersecurity guidance published by other financial regulators, including the April 2015 Guidance Update issued by the SEC’s Division of Investment Management (IM Guidance Update).2 As with the IM Guidance Update, the Notice leaves “the exact form of an ISSP up to each Member . . . .” However, the Notice is more detailed than the IM Guidance Update, and the NFA uses different terms to describe the information system security practices its Members should put in place. Accordingly, asset managers and their affiliates that are NFA Members will need to review the Notice and consider whether their current cybersecurity programs adequately address the guidelines (discussed below) and take any necessary actions to implement appropriate ISSPs in anticipation of the March 1 effective date. For the full article click here
from cyber security caucus http://ift.tt/1PrAVYF
via IFTTT
No comments:
Post a Comment