On July 14, 2016, NIBA hosted a cybersecurity panel focused on the new NFA requirements that became effective on March 1, 2016. Dale Spoljaric of NFA, Gil Vega of CME and Matt Kluchenek of Baker McKenzie addressed various issues and practical considerations associated with the new requirements. The panel was moderated by Jeff Henderson of Greenberg Traurig.
Dale Spoljaric focused on the new requirements and the approach that NFA is taking in connection with its audit of member firms’ policies and procedures. Mr. Spoljaric emphasized that NFA plans to provide education to its members as the new requirements are phased in, and also plans to be flexible, recognizing that a one-size-fits-all approach is not practical in light of the size and operating differences among firms. NFA recognizes the rapidly changing nature of technology and the threat to information systems, and as result encourages its members to be continually vigilant and adaptive.
Gil Vega, CME’s chief security officer responsible for global information security and cybersecurity programs, emphasized the practical steps that can be taken to best protect against breaches and disruption from unauthorized cyberattacks. He also recommended the need for constant vigilance to protect against external as well as internal threats, and emphasized that the risk of cyberbreach and attacks impacts all firms.
Matt Kluchenek provided an update regarding securities regulatory actions that have been initiated against firms for alleged deficiencies in connection with cybersecurity policies and procedures. Although neither CFTC nor NFA have to date initiated enforcement and/or disciplinary actions alleging stand-alone cybersecurity deficiencies, SEC has brought a number of actions and CFTC and NFA are likely to initiate actions in the coming months. Mr. Kluchenek also provided information for NFA member firms to consider in connection with steps that can be taken in situations where a breach had occurred.