Given the sensitive nature of customer data that Member firms possess and the growing risks associated with cyber breaches, NFA provides guidance requiring Members to adopt and enforce procedures to secure both customer data and access to their electronic systems. NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 requires all Member firms to adopt and enforce an information systems security program (ISSP) appropriate to its circumstances.
To assist Members as they develop and implement their written ISSPs, NFA's Self-Examination Questionnaire contains a cybersecurity section that can be used as a resource. NFA has also published answers to frequently asked questions. NFA's Interpretive Notice requires Members notify NFA of certain cybersecurity incidents related to a Member's commodity interest activities. This notification can be completed through NFA's Cyber Notice Filing System.