The US Commodity Futures Trading Commission (CFTC) is currently consulting on new operational resilience rules for organizations and firms that is regulates.
CFTC is proposing to require that futures commission merchants, swap dealers, and major swap participants establish, document, implement, and maintain an operational resilience framework ‘reasonably designed to identify, monitor, manage, and assess risks relating to information and technology security, third-party relationships, and emergencies or other significant disruptions to normal business operations’.
CFTC proposes that the framework will include three components:
- An information and technology security program,
- A third-party relationship program, and
- A business continuity and disaster recovery plan.
The above will be supported by broad requirements relating to governance, training, testing, and recordkeeping.
The proposed rule would also require certain notifications to the Commission and customers or counterparties.
The Commission is also proposing guidance relating to the management of risks stemming from third-party relationships.
CFTC is inviting comments on the proposed rules by March 2, 2024.