As your industry advocate, the NIBA provides many services that help your business stay in compliance with NFA regulations. “Ask the NFA” is the way you can ask questions about those regulations and compliance requirements without having to call NFA directly. Just email us at nfacomments@theniba.com and we will get the answers for you. Please keep in mind that the purpose of this contact is to keep the lines of communication open between the NFA and NIBA members.
This month’s questions were selected from those submitted by NIBA members. The answers were supplied by NFA staff.
Is a 3rd Party audit of my firm's cybersecurity policies and procedures required by the new reg?
NFA's Cybersecurity Interpretive Notice states that Members should monitor and regularly review the effectiveness of their written Information Systems Security Program (ISSP), including the efficacy of the safeguards deployed, and make adjustments as appropriate. A Member should perform a regular review of its ISSP at least once every 12 months using either in-house staff with appropriate knowledge or by engaging an independent third-party information security specialist. The Cybersecurity Interpretive Notice allows Members flexibility to design and implement security standards, procedures and practices that are appropriate for their circumstances.
Will cyber security become an enforcement item this year?
Given the sensitive nature of customer data that Member firms possess and the growing risks associated with cyber breaches, NFA's Cybersecurity Interpretive Notice requires Members to adopt and enforce procedures to secure both customer data and access to their electronic systems.
NFA has developed a number of resources to help Members meet their cybersecurity regulatory obligations. NFA held three regulatory workshops in early February 2016, which focused on NFA's Cybersecurity Interpretive Notice, Information Systems Security Program (ISSP) development, lessons learned from a panel of experts, and what to expect during NFA’s examination process. A recording of the Chicago workshop can be found on NFA’s website. NFA also added a new cybersecurity section to the Self-Examination Questionnaire, updated its Regulatory Requirements Guide for FCMs, IBs, CPOs and CTAs, added FAQs to its website, and issued a Notice to Members.
What does the leadership change at NFA mean for me on a firm/member level?
In November 2016, NFA announced that its Board appointed Thomas Sexton to serve as NFA's President and CEO, effective March 1, 2017. Mr. Sexton intends to build upon the success of NFA's current President and CEO Daniel Roth, who announced last May that he plans to retire. Mr. Sexton also looks forward to working with NFA's Board and staff, Members, the CFTC and other industry leaders, to ensure NFA continues to safeguard market integrity.