On January 27, the CME Group Clearing House Risk Committee publicized four disciplinary actions that were settled by clearing members. In one action, Nanhua USA LLC agreed to pay a fine of $50,000 to resolve charges that it failed comply with a Chicago Mercantile Exchange, Inc. requirement that it maintain business continuity policies and procedures that include certain enumerated elements (click here to access Rule 983). Among other things, clearing members are required to periodically test their disaster recovery and business continuity plans; duplicate “critical systems” at back-up locations; and periodically back-up “critical information.” Separately, SG Americas Securities LLC consented to remit a fine of US $50,000 for violating a CME rule related to the retention and making available of certain books and records (click here to access Rule 980), while R.J. O’Brien & Associates, LLC and CHS Hedging LLC agreed to pay fines for financial offenses (click here to access Rule 970 and Rule 971). None of the four entities admitted or denied any rule violation on which a sanction was based.
Compliance Weeds: In addition to its requirement that all members maintain a written business continuity and disaster recovery plan specific to their operations, the National Futures Association has required all members since March 1, 2016, to have adopted and begun enforcing formal written policies regarding cybersecurity. These policies must be “reasonably designed by members to diligently supervise the risks of unauthorized access to or attack of their information technology systems, and to respond appropriately should unauthorized access or attack occur.” (Clickhere for further details on NFA’s requirements in the article “NFA Proposes Cybersecurity Guidance” in the September 13, 2015 edition of Bridging the Week.)