Beefing Up Cybersecurity
On Jan. 7, 2019 the NFA issued an amendment to the Information Systems Security Programs notice that originally came out March 2016, which requires all member firms to have a written ISSP to address the risk of a cyber hack. The amendment clarified questions regarding training of staff.
For example, the amendment requires training of employees upon hiring as well as annually thereafter, or more if needed. Other changes were made on senior official responsibilities and requirement to notify the NFA in case of a cybersecurity incident.
Moreover, NFA must be notified of the cybersecurity incidents that
- result in a loss of customer or counterparty funds or loss of a Member firm’s capital
- if a Member notifies its customers or counterparties of an incident pursuant to state or federal law
If you need an update to your Cybersecurity (ISSP) program, please call Mike Coglianese at 630-351-8942 or email Mike@cogcpa.com.