Members of the U.S. futures market will soon be measured against heightened cybersecurity standards geared towards enhancing incident preparation, prevention, and response among industry participants regulated by the National Futures Association (NFA)—a non-profit enforcement entity tasked with overseeing futures trading in collaboration with the Commodity Futures Trading Commission (CFTC). Earlier this year, the NFA submitted an August 28, 2015 Proposed Interpretive Notice to the CFTC for review, seeking approval to implement new regulatory guidance ostensibly intended to clarify NFA Compliance Rules imposing an obligation of diligent supervision among NFA members. With the CFTC lending its approval on October 23, 2015, regulated industry participants will be required to design and implement enhanced cybersecurity measures that satisfy the NFA’s newly prescribed “acceptable standards for supervisory procedures,” now officially slated to take effect on March 1, 2016.
CFTC views cybersecurity and data integrity as top priorities; may issue regulations
Cybersecurity has recently become a high priority issue at the US Commodity Futures Trading Commission (CFTC) – the agency overseeing designated contract markets, swap execution facilities, derivatives clearing organizations, swap data repositories (SDRs), swap dealers, futures commission merchants, commodity pool operators and other derivatives market participants.
CFTC articulates unique cybersecurity concerns
CFTC Chairman Timothy Massad has recognized cybersecurity as “the single most important new risk to market integrity and financial stability.” The Commission is particularly concerned about cyber-attacks on commodity markets and their participants – an exchange, clearing organization or SDR – that lead to the compromise of the integrity of market data. Such a compromise of data integrity could stop commodity markets from functioning and cause significant financial losses to the commodity futures trading ecosystem.
In support of its focus on cybersecurity, the CFTC recently convened a roundtable to articulate the industry’s strategy on addressing cybersecurity concerns. The event brought together representatives from the White House, Department of Homeland Security, FBI, NSA and Treasury, as well as exchanges, clearing organizations, SDRs and commodity market participants. One of the key initial concerns is assessing – through testing – the cybersecurity readiness of exchanges, clearing organizations and SDRs.