On November 12, the Commodity Futures Trading Commission (CFTC) published a proposed rule that would amend CFTC Regulation 160.30 by establishing specific requirements for policies and procedures to protect customer records and information (Detailed Requirements). The Detailed Requirements were inadvertently deleted in a 2011 amendment to the regulation.
The Detailed Requirements are consistent with section 501 of the Gramm-Leach Bliley Act, pursuant to which part 160 of the CFTC’s regulations was adopted. The Detailed Requirements clarify that the policies and procedures must be reasonably designed to:
- Insure the security and confidentiality of customer records and information;
- Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
- Protect against unauthorized access to or use of customer records or information that could result in substantial information to any customer.
The proposed rule has a 30-day comment period following publication in the Federal Register.
The Proposed Rule is available here.