CFTC Eyes New Cyber-Security Regulations


In the coming months the U.S. Commodity Futures Trading Commission plans to propose new regulations that aim to improve cyber-security as well as technological and operational risk management of CFTC-regulated entities.

The proposed regulations mark the next phase of the CFTC’s attempts to expand market safeguards beyond improved market and credit risk management for the over-the-counter derivatives market, according to CFTC leadership.

“The need to strengthen the security and resilience of our financial markets against cyber-attacks and technological failures is clear,” said CFTC Chair Timothy Massad. “Examples of cyberattacks or significant technological disruptions from inside and outside the financial sector are all too frequent and familiar. And the interconnectedness of our financial institutions and markets means that the failure of one institution can have significant repercussions throughout the system.”

The regulator aims to publish the proposed regulations later this year.

Potentially affected organizations, such as exchanges, clearinghouses, and swaps-date repositories, should not expect the CFTC to include prescriptive rules in the new regulations.

The proposed regulations likely will be principles-based and leave the testing of cybersecurity, technological, and operational risk management processes up to the individual organization, according to Massad.

“The CFTC does not have the resource to do the type of testing  itself,” he explained. “In fact, many major financial institutions have cyber-defense budgets that exceed the entire budget of the CFTC.”

Massad assures the industry that the regulator will increase its focus on whether organizations are following good practices and paying attention to these risk from the board room down in future CFTC examinations.

He also expects the CFTC will incorporate the proposed regulations into the core-principles that govern CFTC-regulated entities and which each organization needs to comply.

Featured image via Dollar Stock Photo

Related articles

  1. The first amendments to the CFTC's swap data reporting rules come into effect on December 5.

  2. CEDX is planning to expand its range of products in 2023, subject to regulatory approvals.

  3. The paper proposes a path forward for standard SLD documentation.

  4. Exchange group’s crypto suite has had consistent volume and open interest growth.

  5. The derivatives venue owned by FTX wanted to offer products that were not fully collateralized.