Apr 23, 2025 Streamline Your Annual Compliance & Save with Turnkey’s Discounted Review Bundles Turnkey Trading Partners offers discounted pricing for clients engaging us for multiple annual review obligations, enhancing efficiency and value. As a long-standing, trusted partner for Anti-Money Laundering (AML), Information System Security Program (ISSP), and Third-Party Service Provider (TPSP) program reviews, we provide savings when you bundle two or more of these critical annual assessments with us. Meeting Your Annual Review Mandates All CFTC registrants face recurring annual obligations to review key compliance policies and procedures. Regulatory requirements, and often industry best practices, emphasize the need for independent third-party reviews. Turnkey is ideally positioned to fulfill this role for our clients. We also strongly advocate for coordinating your firm’s compliance calendar whenever feasible. If reviews are needed across AML, ISSP, and TPSP, conducting them concurrently saves time, reduces complexity, and minimizes the risk of missing crucial deadlines. Our bundled service offering is designed specifically to help firms achieve these efficiencies. Let’s break down the CFTC and NFA expectations for these annual reviews: Third-Party Service Provider (TPSP) Review – (FCM, IB, CPO, CTA) The TPSP review requires an annual assessment. Since September 2021, NFA member firms must maintain a TPSP program, involving rigorous evaluation and ongoing monitoring of key outsourced service providers (as outlined in NFA Interpretive Notice 9079). Turnkey consistently observes NFA auditors scrutinizing this area during exams. There’s a clear (though unwritten) NFA expectation for firms to review their TPSP program and associated vendors at least annually. Common pitfalls we’ve seen include firms misidentifying vendors, inadequate due diligence, insufficient ongoing monitoring, and neglecting the annual program review entirely. Having developed hundreds of TPSP policies since 2021, Turnkey possesses deep expertise to conduct thorough annual program reviews and assist with vendor assessments from an independent industry perspective. Anti-Money Laundering (AML) Audit – (FCMs and IBs) Stemming from the USA PATRIOT Act of 2001, AML obligations apply specifically to Futures Commission Merchants (FCMs) and Introducing Brokers (IBs) among CFTC registrants (CTAs and CPOs are generally excluded under NFA’s view). NFA Rule 2-9 and, more pointedly, Interpretive Notice 9045 detail these requirements. A critical mandate is an annual AML program audit (strictly within every 365 calendar days) performed by a party independent of the firm’s AML functions. As an external third party, Turnkey routinely conducts these AML program reviews for numerous clients, meeting the necessary qualifications and independence standards for CFTC-registered NFA members. Cybersecurity (ISSP) Review – (FCM, IB, CPO, CTA) Between 2015 and 2016, NFA mandated that all member firms implement a cybersecurity program (ISSP) focused on safeguarding customer Personally Identifiable Information (PII). Governed by NFA Rules 2-9, 2-35, 2-49, and Interpretive Notice 9070, this framework requires firms to monitor and regularly assess their ISSP’s effectiveness. This translates to an annual review (at least every 12 months). Outsourcing this review is a common best practice, as internal IT staff often lack the specific CFTC/NFA compliance perspective needed, while extensive annual penetration testing isn’t typically mandated. A frequent finding during NFA audits is a missed or late annual ISSP review and inadequate testing documentation. Turnkey performs ISSP program reviews for many customers and is well-equipped to guide firms in this vital area. Leveraging Synergies for Stronger Compliance & Savings Through supporting dozens of CFTC registrants during regulatory exams each year, Turnkey has identified prevalent weaknesses in internal controls and audit functions across the industry. To address this, we have a dedicated department focused solely on annual TPSP, AML, and Cybersecurity program reviews. With regulatory scrutiny intensifying, many firms struggle to adequately meet their obligations – and we’re here to bridge that gap! That’s precisely why we offer discounts to clients who partner with Turnkey for two or more of these annual reviews (TPSP, AML, ISSP), compared to our standalone pricing. Ready to enhance your compliance framework and take advantage of these savings? Contact us today to learn how Turnkey can help solidify this crucial area for your firm. Reach us by phone at (312) 324-0040 or simply click here.