NFA to require firms to inform it of cybersecurity-related incidents

Maria Nikolova

NFA members will have to notify the body of cyber incidents that result in a loss of customer or counterparty funds or loss of a member firm’s capital.

The United States National Futures Association (NFA) has clarified the amendments to its Information Systems Security Programs Interpretive Notice. The Association plans a raft of changes, including a requirement for members to inform it about certain cybersecurity-related incidents.

The changes refer to the Interpretive Notice, which got into effect in March 2016. NFA reminds that this document requires that each Member adopt a written information systems security program (ISSP) to address the risk of unauthorized access to or attack of their information technology systems and to respond appropriately in case an unauthorized attacks occurs.

The amendments provide clarification on common questions related to training obligations and ISSP approval posed by Members to NFA, and introduce a narrowly drawn notification requirement to ensure that Members notify NFA of cybersecurity incidents related to a Member’s commodity interest activities. The amendments are set to become effective on April 1, 2019.

  • Training

Currently, the Interpretive Notice requires NFA Members to provide training to employees upon hiring and periodically during their employment. The amendments require training of employees upon hiring, at least annually thereafter, and more frequently if circumstances warrant. On top of that, the amendments require that Members identify the specific topical areas covered in the Member’s training program. NFA argues that these changes will bolster cybersecurity defenses, while still providing Members with flexibility to create a training program responsive to the applicable risks identified by a Member.

  • ISSP Approval

The existing version of the Interpretive Notice requires that a Member’s ISSP be approved, in writing, by the Member’s Chief Executive Officer, Chief Technology Officer, or other executive level official. NFA, however, has found that the term “executive level official” is not uniformly understood by Members. That is why, NFA amended the Interpretive Notice to delete the term executive level official and replace it with “senior level officer with primary responsibility for information security or other senior official who is a listed principal and has the authority to supervise the Member’s execution of its ISSP”. The Interpretive Notice was also amended to clarify the approval process for a Member that meets its obligations through participation in a consolidated entity ISSP.

  • Notice of cybersecurity-related incidents

The Interpretive Notice currently requires Members to formulate an incident response plan that addresses how a Member will communicate with external parties. However, the present rules do not require a Member to notify NFA when it experiences any type of cybersecurity-related incident. NFA amended the Interpretive Notice to include a narrowly tailored notification requirement for cybersecurity incidents. The amendments require Members (other than futures commission merchants for which NFA is not the DSRO) to notify NFA of cybersecurity incidents related to their commodity interest business that:

  • result in a loss of customer or counterparty funds or loss of a Member firm’s capital; or
  • if a Member notifies its customers or counterparties of an incident pursuant to state or federal law.

NFA says it will provide a subsequent communication describing the manner in which Members should notify NFA of cybersecurity incidents in due course.

Read this next

Digital Assets

Ledger taps MoonPay for instant crypto purchase and token swaps

Crypto hardware wallets provider Ledger and digital payment processor MoonPay announced on Monday new features and products to sweeten their service offerings.

Retail FX

CySEC delists Leverate from investor compensation fund

The Cyprus Securities and Exchange Commission (CySEC) announced that Leverate, a provider of brokerage solutions for the financial services industry, has been excluded from its investor compensation fund today.

blockdag

Top Crypto Investment: BlockDAG Outpaces Bitcoin Price and Cardano ADA Upgrades, Securing $19.3M in Revolutionary Presale

After plummeting below the crucial $70,000 mark amidst geopolitical tensions, the Bitcoin price is signalling a recovery as it climbs past $63,000. Concurrently, Cardano ADA upgrades, particularly the much-anticipated Chang Hardfork.

Fundamental Analysis, Tech and Fundamental

Global FX Market Summary: Middle East, US economic data, Eurozone data April 22 ,2024

US Dollar strengthens as easing Middle East tensions and strong economic data boost investor confidence, while dovish central banks and weak data weigh on the Euro.

Digital Assets

Thailand moves to block crypto websites to combat online crime

Thai authorities announced that they will block access to unauthorized cryptocurrency platforms. The decision was made after a meeting of the Technology Crime Prevention and Suppression Committee.

Tech and Fundamental, Technical Analysis

GBPUSD Technical Analysis Report 22 April, 2024

GBPUSD currency pair can be expected to fall further toward the next support level 1.2200, previous strong support from November.

Fintech

TT now enables users to create synthetic multi-leg instruments

“TT Splicer combines the ease and flexibility of TT’s market-leading Autospreader with the power of our best-in-class execution algos to uniquely minimize slippage and optimize trade execution when trading synthetic multi-leg spreads.”

Fintech

Imandra launches FIX Wizard: AI assistant for FIX connectivity suite

“LLMs hold tremendous promise, but ultimately cannot be trusted in regulated environments. By combining their strengths with scalable, rigorous automated reasoning, we obtain a kind of magic: conversational interfaces with correct reasoning and domain-specific skills.”

Chainwire

Sui Overflow Hackathon Funding Pool Balloons to $1,000,000 as New Sponsors Join

Alibaba Cloud, AngelHack and dWallet are among the latest supporters for the global event.

<