As the U.S. has rolled out more sanctions targeting Russia, the FBI is warning of Russian retaliation coming in the form of cybersecurity attacks. With cybersecurity and privacy concerns being a main topic of discussion during these difficult times, the team at Turnkey feels it is a good opportunity to remind readers about ISSP best practices.

NFA is monitoring the U.S. government’s sanctions imposed in response to Russia’s invasion of Ukraine and the impact of this activity on the global financial markets. NFA encourages Members to monitor the Department of the Treasury’s Office of Foreign Assets Control (OFAC) webpage for more information on current sanctions.

Cybersecurity (ISSP)

Perhaps one of the most commonly deficient areas of a firm’s compliance operations is its ISSP. NFA currently tests ISSPs and focuses on a number of areas during audits. The following are concerns Turnkey has seen in this area:

  • ISSP not approved in writing by senior management
  • Incomplete hardware and/or software inventory
  • Internal and external threats not adequately identified
  • Threats posed by third-party vendors not addressed
  • Lack of incident response and recovery plan
  • Not reviewed annually or updated for incidents noted in prior year

As a reminder, firms that have not yet updated their cybersecurity program for 2022 should do so now.

Additional tips from the Cybersecurity & Infrastructure Security Agency:

  1. Be prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
  2. Enhance your organization’s cyber posture. Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
  3. Increase organizational vigilance. Stay current on reporting on this threat. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.

“The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.”

Turnkey has become a leader in developing ISSP programs for NFA member firms. In fact, Turnkey was named Best Cybersecurity Solution by CTA Intelligence in 2017. Firms looking for assistance in developing or updating their ISSP to conform to the latest regulatory standards should contact us today.

More About Turnkey

Regulated brokerage and trading firms have their work cut out for them in keeping up with the latest compliance obligations. Turnkey Trading Partners is an award-winning firm that provides customized support to the brokerage and trading industry. We can assist Commodity Trading Advisors (“CTAs”), Commodity Pool Operators (“CPOs”), Introducing Brokers (“IBs”), and Futures Commission Merchants (“FCMs”) working within the alternative investments space. Our team is well versed in both operational and regulatory matters relating to commodity futures, equities, bonds, options, swaps, forex, digital currency, cash and physical trading, as well as several other specialized financial markets transaction types.