On February 29, National Futures Association (NFA) issued Interpretive Notice I-16-10, which notifies member firms about the addition of a cybersecurity section to NFA’s Self-Examination Questionnaire. This section is designed to help assist member firms in complying with NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs (Notice). The Notice, which became effective March 1, outlines cybersecurity and information systems security program (ISSP) requirements. For a more complete discussion of the Notice, see the Corporate & Financial Weekly Digest edition of September 4, 2015.
NFA expects member firms to complete the cybersecurity section as appropriate based on the size and complexity of its operations, the make-up of its customers and counterparties, and the extent of its interconnectedness. Swap dealers and major swap participant members are not required to complete the Self-Examination Questionnaire, but may use the cybersecurity section as a resource.
To further assist firms, NFA has also published answers to frequently asked questions (FAQs) about the Notice and the ISSP implementation requirements.
NFA Notice I-16-10 is available here.
The Self-Examination Questionnaire is available here.
The FAQs are available here.