Third-Party Service Providers

Effective September 30, 2021, NFA's Interpretive Notice entitled NFA Compliance Rules 2-9 and 2-36: Members' Use of Third-Party Service Providers requires each Member outsourcing regulatory functions to adopt and implement a supervisory framework over its outsourcing function to mitigate outsourcing-related risks. The Interpretive Notice identifies the minimum areas that must be addressed in the supervisory framework and provides guidance on the types of activities a Member should undertake in each of the areas.

Appendix E of the Self-Examination Questionnaire also contains a number of questions to help Members understand these requirements.

NFA Members remain responsible for meeting their regulatory obligations in situations where they utilize a third-party service or software provider. Specifically, NFA has also issued several Interpretive Notices that address the use of a third-party service or software provider in a number of areas, including anti-money laundering, automated order routing, electronic trading systems and information systems security programs. Among other things, these Notices emphasize that NFA Members should conduct both initial and ongoing due diligence when establishing and maintaining a relationship with a third-party service or software provider.