Notices to Members2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | 1997 | 1996 | Show fewer years
February 11, 2016
Reminder: March 1 effective date of NFA Interpretive Notice regarding Information Systems Security Programs—Cybersecurity
In October 2015, NFA issued a Notice to Members announcing the Commodity Futures Trading Commission's (CFTC) approval of NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs. NFA's Cybersecurity Interpretive Notice requires Member firms to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems.
The Cybersecurity Interpretive Notice will become effective on March 1, 2016, and applies to all membership categories.
NFA recognizes that a one-size-fits-all approach will not work for the application of these requirements. The Cybersecurity Interpretive Notice adopts a principles-based risk approach to allow Member firms some degree of flexibility in determining what constitutes "diligent supervision," given the differences in Members' size and complexity of operations, the make-up of customers and counterparties serviced by Members, and the extent of Members' interconnectedness. However, the Cybersecurity Interpretive Notice does require each Member to adopt and enforce an information systems security program (ISSP) appropriate to its circumstances.
NFA understands that some Members may face challenges implementing ISSPs and any programs that are adopted will be refined over time. To assist Members as they develop and implement their ISSPs, NFA held three regulatory workshops in early February 2016. The audio recording and materials from the Chicago Cybersecurity Workshop are now available on NFA's website.
More information on the Cybersecurity Interpretive Notice is available in the August 28, 2015 submission letter to the CFTC. If you have any questions regarding NFA's Cybersecurity Interpretive Notice, please contact Dale Spoljaric, Managing Director, Compliance (email@example.com or 312-781-7415) or Shuna Awong, Director, OTC Derivatives (firstname.lastname@example.org or 212-513-6057).