Commodity Futures Trading Commission
The Commodity Futures Trading Commission (CFTC or Commission) is proposing to require that futures commission merchants, swap dealers, and major swap participants establish, document, implement, and maintain an Operational Resilience Framework reasonably designed to identify, monitor, manage, and assess risks relating to information and technology security, third-party relationships, and emergencies or other significant disruptions to normal business operations. The framework would include three components--an information and technology security program, a third-party relationship program, and a business continuity and disaster recovery plan--supported by broad requirements relating to governance, training, testing, and recordkeeping. The proposed rule would also require certain notifications to the Commission and customers or counterparties. The Commission is further proposing guidance relating to the management of risks stemming from third-party relationships.
Document Headings Document headings vary by document type but may contain the following: the agency or agencies that issued and signed a document the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to the agency docket number / agency internal file number the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details. Commodity Futures Trading Commission 17 CFR Parts 1 and 23 RIN 3038-AF23 AGENCY: Commodity Futures Trading Commission. ACTION: Notice of proposed rulemaking. SUMMARY: The Commodity Futures Trading Commission (CFTC or Commission) is proposing to require that futures commission merchants, swap dealers, and major swap participants establish, document, implement, and maintain an Operational Resilience Framework reasonably designed to identify, monitor, manage, and assess risks relating to information and technology security, third-party relationships, and emergencies or other significant disruptions to normal business operations. The framework would include three components—an information and technology security program, a third-party relationship program, and a business continuity and disaster recovery plan—supported by broad requirements relating to governance, training, testing, and recordkeeping. The proposed rule would also require certain notifications to the Commission and customers or counterparties. The Commission is further proposing guidance relating to the management of risks stemming from third-party relationships. DATES: Comments must be received on or before March 2, 2024. ADDRESSES: You may submit comments, identified by RIN number 3038-AF23, by any of the following methods: CFTC Comments Portal: https://comments.cftc.gov . Select the “Submit Comments” link for this rulemaking and follow the instructions on the Public Comment Form. Mail: Ch…
Citation: 89 FR 4706
