What Know NFA's Internal Controls Requirements


Earlier this year, the National Futures Association (NFA) put forth guidance to commodity pool operators (CPOs) on the regulator’s Compliance Rule 2-9 that took effect on April 1. The guidance (aka “the Notice”) applies to CPOs with control over customer funds. It outlines what CPOS should be doing to manage employees and how they should be supervising third parties in order to meet their obligations under the new rule focused on internal controls.  

The NFA gets that a one-size-fits-all approach does not work for CPOs. Firms vary in size and structure and typically report to multiple regulators. A CPO’s internal control systems created for another primary regulator may already be enough to meet NFA requirements 

The Notice describes the minimum components of an effective internal control program. These include: 

  • Written policies and procedures, describing the program framework completely, and including an escalation policy for regulatory reporting; 
  • A written risk assessment that is updated periodically ; 
  • A separation of duties to allow for cross-checking of functions; 
  • Safeguarding of assets; 
  • Risk monitoring by business principals and/or trading principals;  
  • Supervision and monitoring of third-party administrators; and 
  • Internal controls system recordkeeping in accordance with NFA Rule 2-10; 

Most Securities Exchange Commission (SEC)-registered investment advisory firms that are also CPOs will already satisfy the requirements of the Notice. However, it is critical that processes and procedures are adequately documented for NFA 

For more information, please consider reading the article “New Internal Control Requirements for CPOs,” by FrontLine Compliance.