In a recent public speech, CFTC Chairman Timothy Massad described cybersecurity as “perhaps the single most important new risk to market integrity and financial stability.”  On March 18, 2015, CFTC staff conducted a roundtable regarding this topic, during which CFTC suggested possible proposed rulemaking.  CFTC staff said that CFTC is considering a rule imposing cybersecurity requirements on exchanges and clearing organizations, but one that at least initially would not apply to other market participants.  Chairman Massad indicated that a proposed rule would focus on setting standards for testing: (a) system safeguards; (b) vulnerability and penetration; (c) key controls; and (d) business recovery and disaster recovery. 

Staff suggested that proposed regulations may be based on existing “best practices” in the industry and address frequency of systems testing.  For example, staff is considering whether to define “key control testing” as an assessment of operational and automated system controls based on potential risks associated with such systems.

In light of the specificity of some of the staff comments, and the clear suggestion that rules will be forth-coming, it would be prudent for firms to start to address the risks that were noted by the CFTC staff now.  Aside from avoiding criticism by the regulator, if a cyber-penetration were to hit a firm, and that firm had failed to implement best practices known to the industry right now, the liability incurred by the firm to its customers and to other industry participants could prove to be devastating to the firm.  This is not a topic on which procrastination is prudent!

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Douglas E. Arend Douglas E. Arend

Douglas E. Arend focuses his practice on commodity futures, derivatives and securities, with an emphasis on managed funds. He represents registered and exempt investment advisers, commodity pools and hedge funds, proprietary trading firms, introducing brokers, futures commission merchants and broker-dealers. Douglas concentrates on…

Douglas E. Arend focuses his practice on commodity futures, derivatives and securities, with an emphasis on managed funds. He represents registered and exempt investment advisers, commodity pools and hedge funds, proprietary trading firms, introducing brokers, futures commission merchants and broker-dealers. Douglas concentrates on complex transactional and regulatory matters, including public and private offerings, fund formation, business structuring, registration and compliance. His public fund experience includes SEC registered offerings, and compliance with the Securities Act of 1933, the Dodd-Frank Act, the Commodity Exchange Act and CFTC regulations.

Photo of Jeffry M. Henderson Jeffry M. Henderson

Jeffry M. Henderson focuses his practice on a wide variety of compliance, regulatory, litigation and managed fund matters. In the areas of futures, derivatives, forex and securities issues, he advises a broad range of clients: broker-dealers, investment advisers, introducing brokers, futures commission merchants,

Jeffry M. Henderson focuses his practice on a wide variety of compliance, regulatory, litigation and managed fund matters. In the areas of futures, derivatives, forex and securities issues, he advises a broad range of clients: broker-dealers, investment advisers, introducing brokers, futures commission merchants, forex dealer members, commodity pool operators, commodity trading advisors and hedge fund managers. Jeffry also counsels proprietary trading firms and exempt investment managers regarding disclosure, regulatory and enforcement matters. He is also routinely involved in regulatory work and defending member firms before the SEC, CFTC, NFA and FINRA.

His industry experience began on the floor at Chicago Board of Trade and subsequently as general counsel for a publicly-traded futures commission merchant.