NFA Security Requirements Effective April 1st

John Falck

NFA's updated requirements for member firms' security programs took effect April 1, 2019. The primary changes cover employee security awareness training, notification requirements in the event of a security breach, and clarification of how a member's security program is approved.

NFA requires every member firm to have an Information Systems Security Program (ISSP) that documents how it identifies and manages its information and cyber security risks. Detailed in NFA Interpretive Notice 9070 (initially effective March 2016), these guidelines cover multiple topics and follow a principles-based approach that gives firms flexibility to implement a security program appropriate for their business. The April 2019 update adds some specific requirements:

  • All member firm employees must receive security awareness training upon hiring and within each year thereafter. Training topics should be documented, and training should be appropriate for the individual's work responsibilities.
  • NFA notification is always required if a security breach causes financial loss to a member’s client or the firm’s own capital.  
  • NFA notification is also required if a security breach triggers reporting requirements per state or federal laws, e.g., due to inappropriate access or theft of customer personally identifying information (PII).  
  • Annual approval of a firm's ISSP must be made in writing by a firm principal or senior executive (e.g., CEO, COO, CISO). For firms that adopt the ISSP of their parent company, a review is required to confirm that the consolidated entity's ISSP is appropriate for the member's business and risks.

vSEC is an information and cyber security advisory company that specializes in the futures industry.  Feel free to contact us at info@vsecllc.com if you have questions or need assistance creating or reviewing your firm’s ISSP.  

 
