Anti Money Laundering Annual Review
Every Independent Introducing Broker and Futures Commission Merchant must have an Independent AML Review every 12 months. This must be done by either an outside compliance specialist or an internal source that is completely removed from the AML function. Additionally, APs must have formal AML training every 12 months. NFA has been citing deficiencies even in the case that the review falls a few days outside of the 12 month window.
Cyber Security (ISSP) Update
It has been a jusst over year since the NFA/CFTC has required documented ISSPs included in procedures. Within that year, there have been many updates and clarifications to the requirement expectations. Moreover, NFA has been reviewing current procedures and making sure the ISSP is accurate and that the NFA member is following their own procedures. For example. a Commodity Pool can be cited for documenting in the ISSP that no customer specific data is held on any computer, yet NFA may find an email with customer specific data in a folder in the pool operator’s Outlook. Now is a perfect time to review all ISSPs and update any information and changes accordingly. NFA has added a Cybersecurity section to the General Self-Exam Questionnaire for members, currently located on page 8. To review the questionnaire, click here.
Ethics
Ethics standards are an essential part of each NFA Member’s business model. Employees should receive periodic training to keep them up to date with industry standards, developments, and implications. Ethics are an important part of the member’s procedures and must be followed according to the procedures set forth by the member. NFA may find a deficiency during an exam if procedures indicate ethics training on an annual basis but employees haven’t participated in ethics training in 18 months. NFA offers an Ethics Training Policy Questionnaire. You can access by clicking here.
NFA ORS Updates
Not only are members required to update the annual questionnaire on an annual basis, but NFA ORS system must be updated timely whenever there are any changes to a members operation. This includes, email addresses, phone numbers, mailing addresses, and additional or removal of Associated Persons or Principals.
For more information regarding your compliance obligations and questions on how to avoid deficiencies, feel free to give us a call ata 630-351-8942.