NFA to require firms to inform it of cybersecurity-related incidents

Maria Nikolova

NFA members will have to notify the body of cyber incidents that result in a loss of customer or counterparty funds or loss of a member firm’s capital.

The United States National Futures Association (NFA) has clarified the amendments to its Information Systems Security Programs Interpretive Notice. The Association plans a raft of changes, including a requirement for members to inform it about certain cybersecurity-related incidents.

The changes refer to the Interpretive Notice, which got into effect in March 2016. NFA reminds that this document requires that each Member adopt a written information systems security program (ISSP) to address the risk of unauthorized access to or attack of their information technology systems and to respond appropriately in case an unauthorized attacks occurs.

The amendments provide clarification on common questions related to training obligations and ISSP approval posed by Members to NFA, and introduce a narrowly drawn notification requirement to ensure that Members notify NFA of cybersecurity incidents related to a Member’s commodity interest activities. The amendments are set to become effective on April 1, 2019.

  • Training

Currently, the Interpretive Notice requires NFA Members to provide training to employees upon hiring and periodically during their employment. The amendments require training of employees upon hiring, at least annually thereafter, and more frequently if circumstances warrant. On top of that, the amendments require that Members identify the specific topical areas covered in the Member’s training program. NFA argues that these changes will bolster cybersecurity defenses, while still providing Members with flexibility to create a training program responsive to the applicable risks identified by a Member.

  • ISSP Approval

The existing version of the Interpretive Notice requires that a Member’s ISSP be approved, in writing, by the Member’s Chief Executive Officer, Chief Technology Officer, or other executive level official. NFA, however, has found that the term “executive level official” is not uniformly understood by Members. That is why, NFA amended the Interpretive Notice to delete the term executive level official and replace it with “senior level officer with primary responsibility for information security or other senior official who is a listed principal and has the authority to supervise the Member’s execution of its ISSP”. The Interpretive Notice was also amended to clarify the approval process for a Member that meets its obligations through participation in a consolidated entity ISSP.

  • Notice of cybersecurity-related incidents

The Interpretive Notice currently requires Members to formulate an incident response plan that addresses how a Member will communicate with external parties. However, the present rules do not require a Member to notify NFA when it experiences any type of cybersecurity-related incident. NFA amended the Interpretive Notice to include a narrowly tailored notification requirement for cybersecurity incidents. The amendments require Members (other than futures commission merchants for which NFA is not the DSRO) to notify NFA of cybersecurity incidents related to their commodity interest business that:

  • result in a loss of customer or counterparty funds or loss of a Member firm’s capital; or
  • if a Member notifies its customers or counterparties of an incident pursuant to state or federal law.

NFA says it will provide a subsequent communication describing the manner in which Members should notify NFA of cybersecurity incidents in due course.

Read this next

Digital Assets

DappRadar report: NFTs volume below $1 billion for the first time since June 2021

DappRadar’s July 2022 industry report found that blockchain games and their NFTs remain resilient amid a crypto winter accentuated by the debacle of Terra.

Digital Assets registers to operate crypto business in Italy had registered as a digital asset provider in Italy, following in the tracks of rivals who joined a special registry with brokerage regulator Organismo degli Agenti e dei Mediatori (OAM).

Digital Assets

Binance rolls out crypto card in Argentina with 8% cashback

Binance is launching its crypto debit card in Argentina, the first country in Latin America to have the product thanks to a partnership with Mastercard.

Digital Assets

Greece sends BTC-e operator Alexander Vinnik to US

Alexander Vinnik, an alleged Russian hacker accused of laundering $4 billion of criminal proceeds through BTC-e, has been extradited from Greece to the United States.

Retail FX

Saxo Bank reports weakest FX volume in 6 months

As many traders were away on annual summer leave, currency markets saw a relatively quiet period in July. Within that context, Copenhagen-based Saxo Bank has reported its monthly metrics, which showed a renewed decline month-over-month.

Market News

The Week Ahead: 5 August from David Madden, Market Analyst at Equiti Group

It has been an interesting week and despite a lot of negative news, equity markets enjoyed a positive run. US House Speaker, Nancy Pelosi, defied the warnings from the Chinese government and carried out a visit to Taiwan. The Beijing authorities moved military hardware close to the self-governed island to flex its muscles. Stock markets came under a little pressure as a result and risk-off assets like the Japanese yen and gold found themselves in high demand.


Alina Strogonova of Muvon Payments: How Can Fintech Optimise Payments

Financial services in their conventional form are obsolete, according to fintech startups. New-age finance is constantly redesigning electronic money transactions and testing innovative solutions.

Digital Assets

No need for CFDs: BitMEX introduces leveraged FX perpetual swaps

Previously retail FX trading was mostly possible via CFDs (contract for difference). BitMEX’s FX perps allow both retail users and institutional traders to access FX markets through an exchange-traded contract.

Digital Assets

BEQUANT launches index measuring dollar against crypto

“Our research team has worked hard to quantify and capture the latest economic story into the broader crypto market.”