NATIONAL FUTURES ASSOCIATION
Information Systems Security Programs - Cybersecurity
On October 23rd the National Futures Association (“NFA”) announced the adoption of the interpretive notice regarding NFA Compliance Rules 2-9, 2-36 and 2-49. The purpose of the interpretive notice was to address information systems security programs – cybersecurity. The interpretive notice entitled Information Systems Security Programs (“Cybersecurity Interpretive Notice”) was recently approved by the Commodity Futures Trading Commission (“CFTC”). The Cybersecurity Interpretive Notice requires Member firms to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems. The terms of the Interpretive Notice become effective March 1, 2016, for all NFA Members.
As noted in the October 23rd Notice the Members, the NFA stated that the purpose of the Cybersecurity Interpretive Notice was adopt a principles-based risk approach that would provide flexibility for Member firms to develop a bespoke information systems security program (“ISSP”) appropriate for the Member’s business operations. The Notice to Members I-15-23 provides the following:
- Key areas to be covered by a Member firm’s ISSP;
- Requirements to conduct reviews of a firm’s ISSP and to conduct personnel training;
- Available resources to assist with the development and adoption of appropriate ISSP – the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (“NIST Cybersecurity Framework”); and
- Safeguards that should be considered when developing the firm’s ISSP.
The complete Cybersecurity Interpretive Notice is available online and becomes effective March 1, 2016.
Quarterly Financial Reports
The third quarter financial reports for commodity pool operators (“CPOs”) and commodity trading advisors (“CTAs”) are due in November.
CTAs are required to file quarterly reports (“Form CPR”) providing the regulators with general information about the CTA and its trading programs. CTA filing requirements are covered under NFA Compliance Rule 2-26. The CTA quarterly reports are due November 16th for the period ending September 30th.
Each CPO that operates pools for which it has reporting obligations under Part 4 of CFTC’s regulations must report on a quarterly basis with the NFA or CFTC specific information about the firm and the pools that is operates. The CPO quarterly reports (“Form PQR”) are due November 30th for the period ending September 30th.
Form CPR and Form PQR are to be filed through the NFA’s EasyFile system.
BUREAU OF ECONOMIC ANALYSIS
Deadline for Submitting the BEA Form BE-180
The deadline for submitting the Bureau of Economic Analysis (the “BEA”) 2014 Benchmark Survey of Financial Services Transactions between U.S. Financial Services Providers and Foreign Persons (“Form BE-180”) is approaching. Form BE-180 is a five-year benchmark survey conducted by the U.S. Department of Commerce to gather data about transactions between U.S. financial services providers and foreign persons.
If the U.S. Reporter (defined as any U.S. person that had foreign affiliates during fiscal year 2014) was notified by the BEA and has a BEA identification number below 140012490 or the U.S. Reporter was not notified by the BEA and did not receive an identification number, then the filing deadline is November 1, 2015.
If the U.S. Reporter was notified by the BEA and has a BEA identification number that is above 140012490, then the deadline to file is December 1, 2015.
For a complete summary of the Form BE-180 and filing requirements, please refer to the write-up provided on Ruddy Law Office, PLLC’s website.
For further information about any of the topics covered, please feel free to contact the Ruddy Law Office, PLLC (www.ruddylaw.com) or 202-797-0762.