The US Commodity Futures Trading Commission (CFTC) has adopted new rules that require US exchanges, clearing houses, trade repositories and dealing platforms to frequently test their technology for cyber vulnerabilities.

Under the new rules, firms have to look for vulnerabilities in their systems at least once a quarter.

Firms must also, at least annually, test their planned responses to breaches and carry out enterprise technology risk assessments and internal and external penetration testing.

Controls testing may be conducted on a rolling basis, with each key control to be tested at least every three years.

Independent contractors must be engaged to carry out the external penetration tests and to test an organisation’s key controls.

CFTC chairman Timothy Massad said: “The risk of cyberattack probably represents the single greatest threat to the stability and integrity of our markets today. Instances of cyberattacks are all too familiar both inside and outside the financial sector. Today, they often are motivated not just by those with a desire to profit, but by those with a desire deliberately to disrupt or destabilize orderly operations.

That is why these system safeguard rules are so important. They will apply to the core infrastructure in our markets—the exchanges, clearinghouses, trading platforms and trade repositories. And they will ensure that those private companies are adequately evaluating cyber risks and testing their cybersecurity and operational risk defenses.”