As your industry advocate, the NIBA provides many services which help your business stay in compliance with NFA regulations. "Ask the NFA," is the way you can ask questions about those regulations and compliance requirements without having to call NFA directly.
Just email us at nfacomments@theniba.com and we will get the answers for you. Please keep in mind the purpose of this contact is to keep the lines of communication between NFA and NIBA members open, not to fix any specific individual concerns.
This month's questions were selected from those submitted by NIBA members. The answers were supplied by NFA staff.
If I have a cybersecurity issue who should I notify at NFA and what is NFA's response/reaction to the notification?
Members should adopt a response plan within their ISSP that includes notification to NFA, relevant regulatory bodies and law enforcement based upon the type, severity, and materiality of an event and be familiar with notice requirements contained in applicable state and federal data breach statutes and regulations. Members are encouraged to obtain contact information for applicable regulatory bodies and law enforcement in advance of an event. Subsequent to an event, Members should also consider sharing the relevant details of a breach with a cybersecurity information-sharing network organization.
To notify NFA, Members should contact NFA's Information Center by calling 312-781-1410 or 800-621-3570, or emailing information@nfa.futures.org. Information Center representatives are available from 8:00 a.m. to 5:00 p.m. Central Time, Monday through Friday.
What cybersecurity procedures does NFA have in place as an organization itself?
Safeguarding Member information is of primary importance for NFA. Cybersecurity continues to be a pressing issue for all organizations. Hacking techniques are advancing quickly both in terms of sophistication and accessibility.
In response to these rapidly evolving cybersecurity threats, NFA has been aggressively pursuing a series of initiatives to enhance its security posture. For example, NFA implemented enhanced intrusion-detection controls in order to identify malicious activity more quickly and isolate it before further damage can be done. In addition, NFA deployed internal safeguards to more effectively monitor the movement of sensitive data and guard against accidental or deliberate loss. Finally, NFA continues to make data encryption a priority and has implemented a program to encrypt key data in its various states.
Overall, NFA strives to keep its systems secure. Although cybersecurity threats are expected to evolve at an ever-increasing rate, NFA remains committed to seeking effective solutions to counteract them.