CFTC approves rules to strengthen cyber resilience in financial markets
US exchanges, clearing houses, trade repositories and dealing platforms will have to test their systems for cyber-vulnerabilities at least once a quarter under new rules approved by the Commodity Futures Trading Commission.
Under the rules, firms must probe their systems for loopholes at least once a quarter and conduct annual breach recovery tests. External auditors must also be contracted for annual penetration testing to attempt to identify weaknesses in perimiter defences that cyber attackers could overcome.
“The rules we have finalised today will apply to the core infrastructure in our markets — the exchanges, clearinghouses, trading platforms, and trade repositories,” says Massad. “As regulators, we must not just look backwards to address the causes of past failures or crises. We also must look ahead—ahead to the new opportunities and challenges facing our markets. Financial markets constantly evolve, and we must ensure our regulatory framework is adapting to these changes.”