American Watchdog Imposes New Cybersecurity Regulations
- The newly approved information protection program includes several measures meant to prevent identity theft and hacking.

Financial firms around the world are facing tougher and tougher challenges from determined and sophisticated cyber criminals. Only this month we have learned about a security breach at FXCM, data theft at Scottrade and a crippling DDoS attack against IC Markets.
As the vulnerabilities of a modern electronic marketplace are exposed over and over again, financial watchdogs feel pressure to show the public that they are taking action to protect them from the danger. While firms naturally take any reasonable measures that they can to protect their interests, they will also need to accommodate the new regulations arising from the authorities' need to counter the alarming headlines.
In accordance with this situation, the American National Futures Association (NFA) announced on Friday that the Commodity Futures Trading Commission (CFTC) recently approved its plan regarding Information Systems Security Programs (ISSP), proposed in August.
Coming into effect on March 1, 2016, the new rules will apply to all types of NFA members, including: futures commission merchants, commodity trading advisors, commodity pool operators, swap dealers, introducing brokers and retail Forex dealers. Included among the safeguards that the NFA lists for ISSPs to implement are: using complex passwords; using and maintaining a firewall, antivirus and anti-malware software; and making sure all the software is updated.
Internally designed and monitored approach
The NFA’s plan requires security programs to cover several key areas, which are comparable to the areas addressed by other regulators. Written ISSPs must be approved within firms by an executive level official and contain a security and risk analysis, a description of the safeguards deployed against identified threats and vulnerabilities, the process used to evaluate the nature of a detected security event, an understanding of its potential impact and appropriate measures to contain and mitigate the breach.
Additionally, the ISSP must describe the ongoing education and training related to information systems security for all appropriate personnel. Lastly, the NFA requires members to monitor and regularly review (i.e., at least every twelve months) the effectiveness of their ISSPs, including the efficacy of the safeguards they have deployed, and to make adjustments as appropriate. It also requires ISSPs to address the risks posed by critical third-party service providers.
The NFA says it recognizes that some of its members may face a significant challenge implementing ISSPs by the March 1, 2016 effective date, and that any programs that are adopted will be refined over time. However, it will devote resources, such as additional guidance, to help firms develop and implement their ISSPs.