Sep 30, 2024 Effective October 1st, 2024 Turnkey will begin offering discounted pricing to customers choosing to work with us for certain annual review obligations. Turnkey has been a leading provider of Anti-Money Laundering (“AML”), Information System Security Program (“ISSP”), and Third-Party Service Provider (“TPSP”) program reviews for many years. Until recently Turnkey offered these services independently with no discount for conducting two or more annual reviews. Turnkey now will offer a discount to customers who choose to work with Turnkey for more than one of their AML, ISSP, or TPSP review obligations annually. Review Obligations All Commodity Futures Trading Commission (“CFTC”) registrants have ongoing annual review obligations for various compliance policies and procedures. Industry regulations and in some cases industry best practices dictate that an independent third party conduct such reviews. Turnkey is well positioned in this regard to assist our clients with their annual obligations. Turnkey also recommends, whenever possible, coordinating the firm’s compliance calendar for such reviews. In other words, if an annual review of all three policy areas is required, why not do them all at the same time? By consolidating the compliance calendar into the same period, efficiencies are gained and there is less opportunity for being late with mandated review deadlines. Turnkey’s new service offering intends to assist firms in achieving efficiencies with regular AML, ISSP, and TPSP reviews. But what are the CFTC and National Futures Association (“NFA”) obligations in these areas for annual reviews? Third Party Service Provider – (FCM, IB, CPO, CTA) A firm’s TPSP is the most recent compliance policy that is required to be reviewed at least once annually. Beginning in September of 2021, registrant NFA member firms were mandated to have a TPSP program in place. This program requires the proper evaluation and ongoing monitoring of certain third-party service vendors performing outsource functions on the firm’s behalf. Obligations for monitoring TPSP programs and vendors are provided within NFA Interpretive Notice 9079. Turnkey has observed NFA audit staff focusing on this area of compliance during nearly every examination since 2023. NFA has an unwritten expectation that firms at least once annually (if not more frequently) review their TPSP as well as all vendors covered by the TPSP. Turnkey has observed many firms incorrectly identifying vendors for their TPSP programs and worse yet firms that have not properly conducted due diligence or ongoing monitoring, let alone an annual review of the program. Turnkey is well versed in this area having created several hundred TPSP policies since 2021. We are qualified to conduct annual program reviews and to assist with vendor assessments given our position in the industry. AML – (FCM’s and IBs) AML obligations for certain CFTC registrants were established by the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 better known as the Patriot Act. Futures Commission Merchants (“FCM”) and Introducing Brokers (“IB”) were determined under the act to have an obligation in this area. AML obligations, at least from an NFA perspective, do not apply to Commodity Trading Advisors (“CTA”) or surprisingly, commodity pool operators (“CPOs”) in the US. NFA’s rules and regulations for AML are covered under NFA Rule 2-9 but more specifically are highlighted within NFA Interpretive Notice 9045. All FCMs and IBs must have an annual (every 365 calendar days) audit of their AML program. This review must be conducted by an independent party to any AML functions. As a third party, Turnkey conducts AML program reviews for many of our clients. Turnkey is sufficiently qualified and independent of company AML obligations to satisfy this requirement for CFTC registered, NFA member firms. Cyber Security or ISSP – (FCM, IB, CPO, CTA) Between 2015 and 2016 NFA put in place an obligation on all member firms to implement a cybersecurity program. Cyber security programs are required to be designed to maximize the protection of customer personal identifying information (“PII”). Under NFA Rules 2-9, 235, and 2-49, in conjunction with NFA Interpretive Notice 9070, NFA’s ISSP framework is laid out for the industry to follow. NFA mandates that registered firms monitor and regularly review the effectiveness of their ISSP. This obligation is met by conducting an annual review of a firm’s cybersecurity program on an at least annual (12 month) basis. As a best practice, reviews in this area are typically outsourced. The reason for this decision is that in most organizations, qualified technology staff do not have the capability to review the ISSP from a CFTC or NFA compliance perspective. Most firms do not require penetration or technology testing to be conducted on an annual basis under industry regulations. Rather, a full review of the firms ISSP program for conformity with NFA Interpretive Notice 9070 should be completed. During NFA audits one of the most frequently missed or tardy items is the annual ISSP review and required testing documentation. Turnkey conducts ISSP program reviews for many of our customers and is qualified to assist in this area for many firms. Discounts Due to Synergies Each year Turnkey supports dozens of CFTC registrants through routine regulatory examinations. Through this work we have identified a weakness throughout the industry with internal controls and audit. To address this weakness, Turnkey has established a new department to focus exclusively on annual TPSP, AML, and Cybersecurity program reviews. With increasing audit scrutiny, many CFTC registrants are simply not doing a good enough job with their obligations in this space so we’re here to help! This is why we are offering our clients who conduct two or more reviews (TPSP, AML, ISSP) with Turnkey a discount on our services in this area when compared to stand alone review pricing. To learn more about how we can assist your firm to clean up this area of compliance please contact us today. You may reach us via phone at (312) 324-0040 or by clicking here.