The U.S. National Futures Association (NFA) on Thursday posted a reminder about the new cybersecurity requirements that all of its members, including Forex brokers, will have to meet from March 1, 2016.
The new requirements are outlined in the Cybersecurity Interpretive Notice issued by the NFA last year. The Commodity Futures Trading Commission (CFTC) approved the notice soon after one of the largest FX brokers in the United States, FXCM Inc (NYSE:FXCM), announced it was a victim of a cybersecurity incident.
The Cybersecurity Interpretive Notice requires all NFA members to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems. The NFA admits, though, that a one-size-fits-all approach will not work when applying these new requirements, so firms are allowed some flexibility, for instance, when interpreting what “diligent supervision” means for a particular entity.
Information systems security programs (ISSPs) should contain:
- A security and risk analysis;
- A description of the safeguards against identified system threats and vulnerabilities;
- The process used to assess the nature of a detected security event, evaluate and understand its potential impact, and take necessary measures to contain and mitigate the breach;
- A description of the Member’s education and training regarding information systems security for all appropriate personnel.
To assist Members in the development and implementation of their ISSPs, NFA organized three regulatory workshops earlier this month. The audio recording and materials from the Chicago Cybersecurity Workshop can be found on NFA’s website.