US National Futures Association Adopts Notification Requirement for Certain Cybersecurity Incidents

On January 7, 2019, the US self-regulatory organization the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation. The NFA’s amendments represent the continued maturation of information security in the US financial services sector and are incremental, rather than radical, innovation. These amendments become effective April 1, 2019, and, prior to that date, the NFA will release procedures describing the manner in which NFA members should notify the association of cybersecurity incidents.

Read the full report here.


Mayer Brown LLP’s partner Jeffrey P. Taft and associate Matthew Bisanz report on the new guidance and highlight areas of interest in this Legal Update.

Matthew Bisanz

Related Content