Jul 31, 2024 Turnkey periodically shares common audit deficiencies observed in National Futures Association (“NFA”) exams. Typically supporting 10 to 15 audits simultaneously, we gain insight into the areas the NFA emphasizes most. In our feature article, we have summarized the recent top four focus areas during NFA exams and offer tips and provide further resources on how to prepare. 1. NFA Bylaw 1101 Violations NFA Bylaw 1101 prohibits NFA members from conducting business with non-members who are required to register with the CFTC as an FCM, IB, CPO, or CTA. Each member firm must have procedures in place to comply with this regulation, including reviewing NFA BASIC before opening new accounts, scrutinizing third-party account controllers, and confirming the proper registration of pooled investment vehicles. Additionally, firms must ensure that individuals conducting sales activities are registered as APs, and that branch offices are not separate legal entities. Proper implementation of these policies is essential for compliance, and NFA staff will review these procedures during member evaluations. For a more detailed explanation of NFA Bylaw 1101 please see our full length article: Revisiting NFA Bylaw 1101 2. Record Keeping Issues Turnkey Trading Partners has constantly emphasized the importance of CFTC supervision and record-keeping, particularly in internal and client communications leading to trade execution. Building on that, Turnkey now offers a step-by-step guide to establishing a robust digital record-keeping and retention program. This guide helps businesses meet regulatory obligations while enhancing data integrity, security, and operational efficiency. Key steps include understanding regulatory requirements like CFTC Regulation 1.31 and NFA Compliance Rule 2-10, developing a comprehensive record-keeping policy, categorizing and classifying data, establishing access controls, and implementing version control. Utilizing reputable document management systems (DMS) such as Dropbox and Microsoft SharePoint ensures organized and secure digital file management. Furthermore, businesses should apply encryption and security measures, conduct regular audits, and establish backup and disaster recovery procedures. Employee training on compliance, along with consultation for aligning processes with regulations, is crucial. Secure document destruction procedures at the end of their retention period and regular policy updates ensure the record-keeping system remains effective and compliant. Implementing these measures transforms record-keeping from a regulatory requirement into a strategic asset, balancing compliance and operational efficiency. For more please see our article : Building a Robust CFTC and NFA Record Keeping Program 3. Lapses in Training To ensure compliance with NFA requirements and maintain the highest standards of industry practice all associated persons and any individuals within a NFA regulated company are mandated to complete comprehensive training annually. This training includes critical modules on Cybersecurity, Anti-Money Laundering, Ethics, Identity Theft, and Market Regulation. Customer Protection Rule course is also available upon request. While employees without access to sensitive data are required to complete at least the Cybersecurity training, it is strongly recommended that everyone take the full suite to remain thoroughly informed. Additionally, to keep all personnel up-to-date with industry changes, we provide Quarterly updates on new regulations and developments. This training is crucial for meeting compliance standards and adapting to the dynamic industry landscape. Turnkey offers a comprehensive training package that will keep our clients well informed and compliant. To learn more about Turnkey’s Training Program please visit us here. 4. Inability to Provide Annual Attestations Firms must execute and keep a variety of annual attestations, including those for Policies and Procedures, Business Continuity & Disaster Recovery Plan Testing, Anti-Money Laundering Program, NFA Self-Examination Questionnaire, Information Systems Security Program, and Third-Party Service Provider Program. The signatories, usually firm Principals or relevant managers, must ensure each attestation is signed and dated. Additionally, any material policy updates should be acknowledged in writing by staff and APs, either through printed and signed acknowledgements or via e-signature platforms like Docusign. This process helps firms meet regulatory expectations and maintain organized compliance records. For more on this subject please read: Annual Attestation Anxiety: A Guide to Supervisory Reviews Still Confused? If you have any further questions, want to learn more, or would like to see how Turnkey Trading Partners can help your firm, please let us know by filling out our contact form and one of our team members will be in touch with you within 24 hours.