On February 29, National Futures Association (NFA) issued Interpretive Notice I-16-10, which notifies member firms about the addition of a cybersecurity section to NFA’s Self-Examination Questionnaire. This section is designed to help assist member firms in complying with NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs (Notice). The Notice, which became effective March 1, outlines cybersecurity and information systems security program (ISSP) requirements.
NFA expects member firms to complete the cybersecurity section as appropriate based on the size and complexity of its operations, the make-up of its customers and counterparties, and the extent of its interconnectedness. Swap dealers and major swap participant members are not required to complete the Self-Examination Questionnaire, but may use the cybersecurity section as a resource.
To further assist firms, NFA has also published answers to frequently asked questions (FAQs) about the Notice and the ISSP implementation requirements.
NFA Notice I-16-10 is available here.
The Self-Examination Questionnaire is available here.
The FAQs are available here.