Now that so many of our day-to-day transactions, financial and otherwise, are conducted online, more and more emphasis is being placed on cyber security. The U.S. Commodity Futures Trading Commission (CFTC) was recently hit with penalties after an internal audit. The audit found that the commission failed to correctly identify whether futures and swaps brokerage firms had sufficient policies in place to protect against cyber breaches and attacks.
According to Insurance Journal, the audit was completed by Management Consultants PLLC and Brown and Company CPAS at the request of the inspector general for the CFTC. The report stated that the CFTC did not employ a “risk-based approach” to correctly test the results of potential cyber security threats.
“Validating registrant data submitted in the assessments can enhance the agency’s ability to effectively deploy its limited staff resources and may reduce cyber security risks,” read the audit.
A major issue that auditors found was how the Division of Swap Dealer and Intermediary Oversight actually conducted the cyber security exams. They found that the CFTC only asked the brokers for information about their digital protection policies and never followed through to see if those policies and procedures were adequate.
Cyber security has been an international issue in recent months, after attacks on JP Morgan and Target, an $81 million heist from the central bank of Bangladesh, and tampering with the 2016 presidential election.
The U.S. Securities and Exchange Commission (SEC) stated in 2014 that protection from these cyber attacks was one of the focal points of its compliance examinations. From 2013 to 2015, SEC examinations were on the rise and saw a 27% increase in firms visited, with more expected. The commission has since conducted two rounds of sweeps to make sure that wealth managers and other brokerage firms are taking the necessary steps to protect against information theft and fight back against cyber threats.
Despite the strict protection guidelines the SEC follows, the CFTC claims that it followed the SEC’s approach and that its results were “virtually identical.”