NFA Beefs Up Cybersecurity Rules for U.S. Forex Brokers

Cybercriminals seem to be stepping up their game these days, targeting forex brokers or exchanges and taking advantage of vulnerabilities in their systems. In response to these increasing incidents of hacking attacks and outages, the National Futures Association (NFA) decided to announce stricter cybersecurity requirements for U.S. forex brokers.

In case you’re wondering what the NFA does, lemme tell you that this agency is one of the watchdogs of the U.S. financial industry, along with the Commodity Futures Trading Commission (CFTC). You can read all about ’em in our School of Pipsology lesson on Forex Industry Regulators.

In one of my blog posts earlier this month, I shared with y’all that forex broker FXCM suffered a massive security breach involving unauthorized access to customer information, leading to a small number of wire transfers from some accounts. Later on, OANDA suffered major technical problems that prevented customers from accessing their accounts for hours, spurring speculation that another hack had taken place.

More recently, forex broker ActivTrades was also targeted by hackers who may have obtained information such as names, email addresses, and trading account numbers. However, ActivTrades promptly assured its clients that the matter has been dealt with and that account security hasn’t been compromised.

Earlier this week, Australian retail forex broker AxiTrader experienced an outage that lasted for several hours, leaving clients unable to log in to their MT4 accounts or even contact the company directly. According to the company’s statement, this was just a glitch associated with Microsoft Azure services undergoing downtime in the region, and there were no issues regarding funding or withdrawal then.

Even though forex brokers appear quite capable of handling these incidents themselves and have assured customers that they are able to stay on top of the situation, the NFA saw fit to impose additional compliance rules in order to protect customers. These requirements have already been approved by the CFTC and are set to take effect by March 1, 2016:

  • NFA members or accredited brokers must adopt and enforce written policies and procedures to secure customer data and access to their electronic systems.
  • Each member should have an information systems security program (ISSP) in place, containing a security and risk analysis, a description of the safeguards against identified system threats and vulnerabilities, and processes for evaluating a security breach and the appropriate measures to take if one occurs.
  • The ISSP must be approved within member firms by an executive-level official and should be reviewed at least once a year.
  • Employees of these member firms should undergo cybersecurity education and training.

In addition, the NFA provided some examples of how to go about these ISSP procedures, such as including identity and access controls, outlining risks posed by third-party service providers, and requiring complex passwords that are changed periodically, among many others.

Of course, retail traders like you and me also have to be extra vigilant when it comes to fraudulent attempts by hackers to access sensitive information and possibly steal our hard-earned funds. Here’s what you can do when your forex broker gets hacked.

What’s your take on these cybersecurity safeguards announced by the NFA? Will they be enough to shield U.S. forex brokers from hacking attacks and give their clients peace of mind? Don’t be shy to share your thoughts in our comments section!