On Wednesday, December 16, 2015, the Commodity Futures Trading Commission (CFTC or Commission) approved for publication two proposed rules to amend existing regulations addressing cybersecurity.  The proposed rules would establish testing obligations and safeguards for the automated systems used by designated contract markets (DCMs), swap execution facilities (SEFs), swap data repositories (SDRs) (the Exchange Proposal), and derivatives clearing organizations (DCOs) (the Clearing Proposal and, together, the Proposals).¹

The Commission’s Proposals grant regulated entities with significant deference with respect to the development and implementation of policies and procedures reasonably designed to demonstrate compliance with the new cybersecurity provisions.  However, these new regulatory burdens will come with significant operational, technology, and other resource burdens, including ongoing testing and engagement with third-party service providers.  Furthermore, the scope of the Proposals for testing may extend further than similar cybersecurity standards established by other federal agencies.

The Commission unanimously approved the Proposals.  They were published in the Federal Register on December 23, 2015 and are subject to a 60-day public comment period ending on February 22, 2016.
Continue Reading CFTC Adopts Proposed Cybersecurity Regulations