The National Futures Association ("NFA") Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49, entitled Information Systems Security Programs, becomes effective on March 1, 2016 and applies to all membership categories.
Key Focus Points
The Cybersecurity Interpretive Notice focuses on the following key topic areas:
- Risk assessments and analysis, in which data sensitivities, locations, and risks are reviewed, in addition to inventories, funds transfers, and the risks around physical theft, systems loss, and compromised accounts or machines;
- Written information systems security policies (ISSPs), granting flexibility to organizations in what frameworks they rely on and how they structure these policies. The guidance specifically details the value of a written Incident Response Plan;
- Staff training to raise awareness of the policies, common threats, and risks to the business, conducted upon hire and annually for all staff;
- Deployment of protective measures, including intrusion detection and data loss prevention software and hardware;
- Periodic ISSP and program review, at least every twelve (12) months;
- Vendor diligence as to their risks, protections, and security posture; and
- Recordkeeping around the program implementation and compliance.
The full Interpretive Notice is available here.
The NFA has added a cybersecurity section to its Self-Examination Questionnaire. The ACA Aponix and NFA teams can assist in completing this questionnaire as part of their advisory services; please reach out to your ACA Aponix or ACA NFA team for assistance.
In addition, ACA Aponix has released an online training course designed to provide cybersecurity training to existing and new employees. Please visit the ACA Aponix training website to register for a complimentary trial and to purchase the course.
How ACA Can Help
ACA's cybersecurity and risk team, ACA Aponix, can assist you with completing the NFA self-examination questionnaire and provide guidance on meeting NFA requirements. If you have any questions about the notice, or if you would like to discuss engaging ACA for assistance, please contact Rick Geissman or Scott Brindley in ACA’s New York office at +1-212-951-1030.