Ask NFA – May 2017

As your industry advocate, the NIBA provides many services which help your business stay in compliance with NFA regulations. “Ask the NFA,” is the way you can ask questions about those regulations and compliance requirements without having to call NFA directly. Just email us at [email protected] and we will get the answers for you. Please keep in mind the purpose of this contact is to keep the lines of communication between the NFA and NIBA members.

This month’s questions were selected from those submitted by NIBA members. The answers were supplied by NFA staff.

Have there been any enforcement related items surrounding cybersecurity this year?  Are any expected?

Given the sensitive nature of customer data that Member firms possess and the growing risks associated with cyber breaches, NFA’s Cybersecurity Interpretive Notice requires Members to adopt and enforce procedures to secure both customer data and access to their electronic systems. This Interpretive Notice is designed to establish general requirements relating to Members’ information systems security programs (ISSP) but leave the exact form of an ISSP up to each Member, allowing the Member flexibility to design and implement security standards, procedures and practices that are appropriate for their circumstances.

NFA has developed a number of resources to help Members meet their cybersecurity regulatory obligations. In May 2017, NFA held regulatory workshops in Chicago and New York that focused on common cybersecurity-related findings from NFA examinations and lessons learned from a panel of experts. A recording of the New York workshop can be found on NFA’s website. In addition, in the past year NFA added a cybersecurity section to the Self-Examination Questionnaire, updated its Regulatory Requirements Guide for FCMs, IBs, CPOs and CTAs, added FAQs to its website, and issued a Notice to Members.