NIBA - Celebrating 35 Years
Back to Journal
Uncategorized

Cybersecurity - The World We Live In

N
Written by
NIBA
Published
Reading time
4 min
By: Cameron R. Scullen, Esq., Associate Attorney, Ruddy Gregory, PLLC* In today’s modern day world, the issue of whether not traders and firms have adequate cybersecurity is constantly discussed. In fact, regulators themselves are noting the potential severity of cyberattacks: “Cybersecurity is a risk that the Division of Swap Dealer and Intermediary Oversight (“DSIO”) and [U.S. Commodity Futures Trading Commission (“CFTC”)] take seriously.”(1) But – it is one thing to take notice and another to protect one’s business with adequate cybersecurity. The CFTC conveyed the same in its recent public statement that was titled the following: CFTC Encourages Standardized Approaches to Assessing Cybersecurity Preparedness, Including the FSSCC Cybersecurity Profile. Therein, the CFTC reiterates that firms subject to its regulatory oversight must follow “generally accepted standards and best practices with respect to the development, operation, reliability, security, and capacity of their automated systems” pursuant to CFTC regulations(2). However, the CFTC remains flexible in how firms develop and assess their respective cybersecurity framework and permit firms to “self-assess” the sufficiency of their overall cybersecurity. But, with greater flexibility, there comes greater responsibility. In essence, this so mentioned “responsibility” can result in liability should a firm not adequately develop and maintain an appropriate cybersecurity framework that is adherent to CFTC regulations. This is evidenced in the CFTC’s order against AMP Global Clearing LLC (“AMP”), where the CFTC imposed a total of $100,000 in monetary sanctions against AMP, a registered futures commission merchant, for various cybersecurity related short falls.(3) While it is important to note that AMP ultimately settled with the CFTC for certain charges the agency levied against it, the CFTC Order unveiled that AMP’s customers’ records and information were subject to a breach by cyber criminals and, as the CFTC alleges inter alia, AMP failed “to supervise diligently the implementation of critical provisions in AMP’s information systems security program.”(4) Thus, businesses operating in the futures industry must not take discretion for granted and ensure they prudently review any and all applicable CFTC regulations and guidance to develop an adequate and sufficient cybersecurity framework. The increasing complexity of technology across the globe requires businesses to apply the utmost scrutiny when determining how best to protect their operations. As stated by former CFTC Director James McDonald: “Entities entrusted with sensitive information must work diligently to protect that information. That’s not only good business, but when it comes to registrants in our markets, it’s the law. As this case shows, the CFTC will work hard to ensure regulated entities live up to that responsibility, which has taken on increasing importance as cyber threats extend across our financial system.”(5) To further reiterate, firms subject to CFTC oversight – and I would argue businesses in general – need to take the proper steps to protect against what has become a substantial threat in today’s market place … cybercrime.
* This article is for informational purposes only and does not contain or convey legal advice. The information herein should not be used or relied on in regard to any particular facts or circumstances without first consulting a lawyer. The statements herein reflect the views of the author only and do not necessarily reflect the views of the author’s employer or any other natural person or entity. (1)CFTC Encourages Standardized Approaches to Assessing Cybersecurity Preparedness, Including the FSSCC Cybersecurity Profile, U.S. Commodity Futures Trading Commission, July 16, 2020, https://www.cftc.gov/PressRoom/SpeechesTestimony/commisisonstatementtac071620. (2)Id. (3)See AMP Global Clearing LLC to Pay $100,000 for Supervision Failures Related to Cybersecurity of its Customers’ Records and Information, U.S. Commodity Futures Trading Commission, February, 12, 2018, https://www.cftc.gov/PressRoom/PressReleases/pr7693-18. (4)See the full list of CFTC findings against AMP at Id. (5)Id.

Stay Informed

Subscribe to the NIBA Journal for the latest insights and industry updates

Related Articles

View All
Uncategorized

Marketing Strategy: Customer Segmentation

When I am talking with a friend or colleague who wants to kickstart their marketing efforts, my approach is “simpler is better”. It’s a lot like getting off the couch and back into the gym. Often the best way is to start simple and then build up from there. So, what I’d like to suggest to you as a NIBA member firm is to get started with SEGMENTATION of your contacts and customers. Imagine the difference in experience for a commodities trader who receives an email promoting opening an account. In the first email, it has a general header that seems to focus on equity indexes and has several forex symbols shown. In the second example, the entire header is...

Uncategorized

NFA Celebrates NIBA's 30th Anniversary

Congratulations to the NIBA on its 30th anniversary! As the self-regulatory organization for the derivatives industry, a critical element of NFA's mission is to ensure that all NFA Members understand their regulatory obligations. During the past few decades, NFA and the NIBA have often collaborated to develop educational materials, draft notices and deliver programs specifically customized for the NIBA's membership. NIBA Chairman and Founder Melinda Schramm and her team work tirelessly to identify these educational opportunities and ensure that each program successfully addresses the needs of derivatives professionals. For example, NFA and the NIBA recently delivered a webinar entitled "Navigating Regulatory Requirements in a Hybrid Environment." Feel free to access this informative webinar on NFA's website. NFA looks forward to...

Member Announcements

Ascent Capital Management Congratulates NIBA's 30th Anniversary

Ascent Capital Management has been an active member of the NIBA since we were established in 2011. The NIBA provides several tools to assist firms to maintain compliance with many of the regulatory changes that have become commonplace in our industry. Semi-annual meetings with various speakers on many diverse topics are just some ways that the NIBA helps keep its members up to speed and avoid regulatory issues. New products, changes to AML requirements and Cyber-Security have been some examples of past areas of education. Of course, attendees are encouraged to ask questions at the conclusion of the panel discussion to help their understanding of the topics at hand. Often the NFA participates and are always very accommodating to answer...