Cybersecurity in the futures and derivatives market is “perhaps the single most important new risk to market integrity and financial stability,” Commodity Futures Trading Commission (CFTC) Chairman Timothy Massad stated in a keynote address. The National Futures Association (NFA) recently received CFTC approval of its Interpretive Notice to several existing NFA compliance rules related to supervision, titled “Information Systems Security Programs [ISSPs].” The new guidance will provide more specific standards for supervisory procedures and will require hedge fund managers and other entities that are NFA members to adopt and enforce written policies and procedures to protect customer data and electronic systems. “The approach of the Interpretive Notice is to tie cybersecurity best practices to a firm’s supervisory obligations,” Covington & Burling partner Stephen Humenik said. This article summarizes the guidance. See also “PLI ‘Hot Topics’ Panel Addresses Cybersecurity and Swaps Regulation
,” Hedge Fund Law Report, Vol. 8, No. 43 (Nov. 5, 2015). For more on CFTC and NFA requirements applicable to hedge fund managers, see our three-part CPO Compliance Series: “Conducting Business with Non-NFA Members (NFA Bylaw 1101)
,” Vol. 5, No. 34 (Sep. 6, 2012); “Marketing and Promotional Materials
,” Vol. 5, No. 38 (Oct. 4, 2012); and “Registration Obligations of Principals and Associated Persons
,” Vol. 6, No. 6 (Feb. 7, 2013).