Our industry has certainly transformed over the past decade. Much of this transformation stems from new rules and regulations, some of which are aimed at addressing the use of technology in the futures industry. As we are all aware, effective March 1, 2016, each and every NFA Member firm must adopt and enforce an information systems security program (“ISSP”). If you are not aware that this requirement exists, we encourage you to attend this session! NFA issued an interpretative notice approved by its Board of Directors on August 20, 2015 that provides guidance regarding information systems security practices that Member firms should adopt and tailor to their particular business activities and risks. This requirement falls upon all types of firms (FCMs, IBs, CPOs, CTA, RFEDs, Swap Dealers, and Major Swap Participants).
During NIBA’s April 20, 2016 conference, I will be moderating a cybersecurity panel made up of experts spanning from consultants in the industry to an experienced NFA staff person. This panel is tailoring a one hour session to assist NFA Members in their on-going effort of complying with the new cybersecurity requirements. The panel’s goal is to provide you with an insight on the requirements that need to be continually addressed in your firm’s enforcement of its ISSP. Your firm’s compliance responsibilities did not stop once you created the ISSP. There will be a need to keep the ISSP updated throughout the year. Your firm will need to ensure proper and on-going training is provided to your staff and you will need to ensure your program is effective by performing, at least annually, a test of the ISSP. I can say from experience that my firm, Compliance Supervisors International, Inc. has been working around the clock since the adoption of the cybersecurity interpretative notice. We have been working with existing and new NFA Members in creating and refining ISSPs and providing comprehensive cybersecurity training through our training website - www.training4futures.com.
The cybersecurity panel will be ready to address the requirements and will be ready to answer your questions on this subject matter. Ultimately, we do not expect all those that attend our session to become experts in the field. However, we will know we have done our job if you have left the session with a deep understanding and appreciation of why this critical requirement exists, why it’s important that each of us play an important role in ensuring compliance with the requirements, and that our way of doing business will need to change going forward through vigilant efforts to thwart those that wish to hurt us through cybersecurity attacks.
Should you have any questions about the session, or need assistance with your written cybersecurity policy and training, please feel free to call Robert DeMuria at 732-335-5740. We look forward to seeing you on April 20.