NFA ISSP Amendments
Reminder: April 1 effective date for amendments to NFA's Interpretive Notice regarding Information Systems Security Programs—instructions for notifying NFA of applicable cybersecurity incidents In January 2019, NFA issued a Notice to Members announcing amendments to its Interpretive Notice entitled NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs (Interpretive Notice). The amendments provide clarification on common questions related to training obligations and ISSP approval posed by Members to NFA, and impose a narrowly drawn notification requirement to ensure that Members notify NFA of certain cybersecurity incidents related to a Member's commodity interest activities. The amendments will become effective on April 1, 2019. Cybersecurity incidents discovered on or after April 1, 2019 must be reported to NFA. Notification Requirement The amendments require Members (other than futures commission merchants for which NFA is not the DSRO) to notify NFA of cybersecurity incidents related to their commodity interest business that: result...