Commodity Futures Trading Commission December 23, 2015 – Federal Register Recent Federal Regulation Documents

In compliance with the Paperwork Reduction Act of 1995 (``PRA''), this notice announces that the Information Collection Request (``ICR'') abstracted below has been forwarded to the Office of Management and Budget (``OMB'') for review and comment. The ICR describes the nature of the information collection and its expected costs and burden.

The Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is amending its system safeguards rules for designated contract markets, swap execution facilities, and swap data repositories, by enhancing and clarifying existing provisions relating to system safeguards risk analysis and oversight and cybersecurity testing, and adding new provisions concerning certain aspects of cybersecurity testing. The Commission is clarifying the existing system safeguards rules for all designated contract markets, swap execution facilities, and swap data repositories by specifying and defining the types of cybersecurity testing essential to fulfilling system safeguards testing obligations, including vulnerability testing, penetration testing, controls testing, security incident response plan testing, and enterprise technology risk assessment. The Commission is also clarifying rule provisions respecting the categories of risk analysis and oversight that statutorily-required programs of system safeguards-related risk analysis and oversight must address; system safeguards-related books and records obligations; the scope of system safeguards testing; internal reporting and review of testing results; and remediation of vulnerabilities and deficiencies. The new provisions concerning certain aspects of cybersecurity testing, applicable to covered designated markets (as defined) and all swap data repositories, include minimum frequency requirements for conducting the essential types of cybersecurity testing, and requirements for performance of certain tests by independent contractors. In this release, the Commission is also issuing an Advance Notice of Proposed Rulemaking requesting public comment concerning whether the minimum testing frequency and independent contractor testing requirements should be applied, via a future Notice of Proposed Rulemaking, to covered swap execution facilities (to be defined).