The U.S. Commodity Futures Trading Commission (CFTC) on Thursday approved two final approved new rules that aim to guard against cyber attacks by establishing systems testing requirements, and took a step toward improved cross-border harmonization with Japan.
The system testing requirements will apply to designated contract markets, swap execution facilities, swap data repositories, and derivatives clearing organizations.
Commenting on the proposals ahead of the vote, Timothy Massad, CFTC chairman, said, “The risk of cyberattack probably represents the single greatest threat to the stability and integrity of our markets today.”
The rules proposed by the CFTC aims to ensure that derivatives market participants are adequately evaluating their cyber risks, and testing their cybersecurity and their defenses, Massad said.
“If approved, these new rules will serve as a strong and important complement to the many other steps being taken by regulators and market participants to address cybersecurity,” he added.
While support for the new rules was ultimately unanimous, Commissioner Christopher Giancarlo, expressed concern about the costs for smaller firms. “Although I would have preferred that the rule take a less one-size-fits-all approach, I am a firm supporter of effective cyber and system security policies and procedures given the serious threat that cyber belligerents pose,” Giancarlo said in voting for the new rules.
Separately, the CFTC also voted in favour of allowing substituted compliance with Japan’s margin requirements for uncleared swaps, which allows Japanese dealers to meet U.S. requirements by complying with their domestic rules. The move reflects the regulator’s commitment to international co-operation and harmonization, Massad said.