Privacy Policy


Privacy Statement

Our Mandate & the Processing of Personal Information

NFA is a registered futures association ("RFA") and the industrywide, self-regulatory organization ("SRO") for the U.S. derivatives industry. 

The U.S. Commodity Exchange Act (“CEA”) requires certain firms and individuals that conduct business in the U.S. derivatives industry to register with the U.S.  Commodity Futures Trading Commission (“CFTC” or "Commission").  The CFTC has delegated registration responsibility to NFA and, with few exceptions, the CFTC requires registered firms to be NFA Members (collectively, the “Registration function”). 

As an RFA and an SRO, NFA develops and enforces industrywide rules for its Members, takes disciplinary actions against its Members when appropriate, provides programs and offers services that safeguard market integrity, and helps its Members meet their regulatory obligations.  NFA also offers a variety of resources to investors including an arbitration program and an investor information program ("Outreach programs").  (All of the foregoing, the “SRO function”).

NFA also offers other ancillary services to CFTC regulated entities that are not NFA Members.  The CEA and CFTC regulations permit, but do not require, designated contract markets ("DCMs") and swap execution facilities ("SEFs") to outsource certain regulatory responsibilities to NFA as a regulatory services provider ("RSP").  NFA and the DCMs or SEFs enter into a contract, or a regulatory services agreement ("RSA"), which memorializes the mutually agreed upon terms of the relationship (the "RSP function").

We collect and process certain personal information in order to carry out the above functions and to fulfill certain other requests that you make. We process personal information in a way that is consistent with our commitment to fair and transparent information practices and the legitimate business interest of furthering the SRO function and the RSP function.

Specific details about our data processing practices can be found at the following links: 

Whose personal information we collect

We collect personal information from the following individuals:

·         Current and prospective natural person NFA Members and NFA Associates;

·         Employees at current and prospective NFA Member firms;

·         Customers and counterparties of NFA Members;

·         Individuals who visit our website;

·         Third parties who provide business services to NFA;

·         Current NFA employees; and

·         Individuals applying for careers with NFA.

Our use of personal information from NFA employees and third parties providing business services is addressed specifically in our internal policies and third-party contracts, respectively. This policy covers personal information collected from the remaining types of individuals identified above.

 

When we collect your personal information

We collect personal information from you in the following ways:

·         When you visit our website;

·         When you voluntarily provide information to us on our website, including by submitting a complaint, subscribing to email communications, or providing information through our Online Registration System;

·         When you provide information to us through email, phone, or any other means of communication;

·         When you apply for a job with us;

·         When you submit registration forms, disclosure forms, or other materials to us; and

·         When you confirm or change information about you that has been submitted by a registered entity ("Sponsor").

We may occasionally collect your personal information from a third party that provides your personal information to us, including in the following instances:

·         If you are a customer or a counterparty of an NFA Member, we may receive your personal information from the Member;

·         If you are applying to be an NFA Member or NFA Associate, we may receive personal information from your employer or Sponsor;

·         If you are applying to be an NFA Member or NFA Associate, we may receive information from third parties to support your application for membership, including providers of background check information, governments, regulatory and law enforcement agencies, and judicial bodies globally; and

·         If you are a current NFA Member or NFA Associate, we may receive information regarding you from banks, exchanges, and complaining customers or counterparties or parties to arbitration for varied purposes, including those related to your maintaining your registration status.

In addition, you may interact with us through a social media platform, such as Twitter or Facebook. When you interact with us on social media, personal information you have provided to these platforms may be visible to us. Please consult the privacy policies of these social media platforms for more information about how your personal information is handled.

 

 

What Information We Collect and How We Use It

The information we may collect about you and how we use the information depends on your relationship with us. More specifically, the following may apply depending on the ways in which you interact with NFA.

Certain portions of our site are part of or provide access to systems that contain CFTC records. When you access one of these systems, your usage may be monitored, recorded, and subject to audit, and, by your use, you consent to monitoring and recording. Unauthorized use of these systems is prohibited and subject to criminal and civil penalties. The Commission requires that you use a complex password for accessing Commission records and that you change your password at a regular interval.

When you access our site, the collection, use and distribution of your information will be handled according to the terms and policies outlined in this Privacy Policy.  If you object to the policies outlined in this Privacy Policy and the privacy impact assessment, we ask that you do not submit information or access our site.  When you access our site to provide information pursuant to CFTC regulatory requirements, as appropriate and applicable, the collection, use and distribution of your information will also be handled in accordance with the U.S. Privacy Act of 1974, and any applicable CFTC published privacy policies or notices, including those discussing the "regular use" of such information.  See https://www.cftc.gov/Transparency/PrivacyOffice/index.htm for additional information.  For example, in compliance with the Federal Information Security Management Act of 2002 (FISMA), NFA conducts an annual privacy impact assessment over those applications that facilitate NFA's administration of its CFTC delegated SRO function, including the NFA Applications System Suite ("Applications Suite"). For a detailed overview of the systems encompassed in the Applications Suite, the information that is collected and stored, and its usage, distribution and maintenance, please review the FISMA privacy impact assessment.

NFA does not request data about health or political affiliation; however, from time-to-time NFA does receive such information as part of other materials that you or others submit.  For example, such information may be revealed in arbitration proceedings. In addition to using personal information as detailed in this Privacy Policy, we may, as required or permitted by law or in the course of performing our regulatory responsibilities, provide information, such as your name and address, or any other information that you provide, without your permission to persons or organizations that request this information and are legally authorized to receive it.

Website Visitors

When you visit our site to read or download information, we collect and store the name of the domain from which you access the Internet; the browser, operating system, date and time you access our site; the Internet Protocol ("IP") address of the computer or Internet connection you use; the Internet address of the website from which you are referred to our site; and the page(s) from which you exited our site. From time to time, we may disclose this information and other information aggregated from analytic tools (see Analytics below) to third parties. NFA and some third parties use this information to meet the needs of website visitors, understand web traffic patterns and identify opportunities to improve the quality of NFA's website. If we engage a third party, the third party must contractually agree to adhere to confidentiality obligations consistent with this Privacy Policy. NFA may also use this information, and share it with certain third parties, in the course of performing its regulatory responsibilities.

Some of our applications use cookies. These cookies identify your "session." Once you exit our site, these "session cookies" expire (either when you close your browser or after 30 minutes). We also use "tracking cookies" to collect information regarding website usage (e.g., the number of visitors to different sections of our website) to analyze traffic to our website and improve user experience. More information about the specific cookies used on the NFA website is provided in the “Cookies” section below.

If you send us information such as your name, address, telephone number or email address (for example, in an email message containing an information request or a complaint), we use the information to follow up on your request. Additionally, if you provide your email address to us in order to subscribe to NFA communications, we will communicate with you by email until you choose to unsubscribe from such communications.

Current and Prospective Members

When you apply for CFTC registration and membership with NFA, we request personal information from you as necessary to evaluate your application and as required by United States law. Personal information is used to verify your identity, to evaluate your fitness for CFTC registration or NFA membership, to verify your compliance with applicable laws and regulations, to take action on your registration if necessary, to provide you with notices, to provide public-facing information about you, and for NFA’s compliance with applicable laws and regulations. For Members, this information may also be used to conduct examinations, investigate complaints, review your membership status, facilitate regulatory cooperation or any other actions deemed appropriate and/ or related to your membership.

The following types of personal information are collected from current and prospective Members:

·         Name

·         Address

·         Date of birth

·         Email address

·         Phone number

·         Fingerprints

·         Social security number or other national identification number

·         Driver’s license

·         Payment information, such as credit card number

·         Passport information

·         Gender

·         Criminal records

·         Employment status

·         Job history

·         Professional licenses

·         Employer

·         Income

·         Other financial information

·         Signature

·         Account ID

·         Disciplinary history

·         Physical characteristics

·         Regulatory or civil actions, including arbitrations

·         Information you voluntarily provide

Individuals Accessing NFA's Swaps Proficiency Requirements Learning Management System

Pursuant to Section 17(p) of the CEA, NFA imposes a proficiency requirement on persons involved in the solicitation of swaps and supervisors of such persons.  NFA Bylaw 301 requires individual NFA Members that engage in swaps activities to satisfy NFA's Swaps Proficiency Requirements.  NFA Compliance Rule 2-24 prohibits NFA Swap Dealer Members from being associated with individual persons who have not satisfied NFA's Swaps Proficiency Requirements.

When you access NFA's Swaps Proficiency Requirements Learning Management System ("SPR"), we request personal information from you necessary to verify your identity, to maintain the accuracy of NFA's SPR records, and to provide Member-facing and/or public-facing information about you.  Although voluntary to access NFA's SPR, the furnishing of the last four digits of a social security number assists NFA in identifying individuals who have completed NFA's SPR.

The following types of personal information are collected from individuals accessing NFA's SPR:

·         Name

·         Email address

·         Last four digits of social security number

·         Date of birth

·         NFA ID

·         Information you voluntarily provide

Customers & Counterparties

If you are a customer or a counterparty of an NFA Member, we will use information you voluntarily provide to respond to you and, if you are contacting NFA with complaints or concerns about a Member, we will use your information to investigate your complaint. In some instances, we may receive documents from NFA Members that include your personal information, such as information relating to your account. This information is used to verify that our Members are complying with applicable laws and regulations, as well as the terms of their NFA membership.

Job Applicants

When you apply for a job with us, we use the information you submit, such as your resume, education, and employment history, for purposes of evaluating your qualifications and contacting you regarding your application.

How Your Personal Information is Shared

Depending on your relationship with us, we may share your personal information with third parties, including our business process providers, law enforcement, and other SROs and regulatory bodies. For NFA Members, some information relating to your membership will be shared with the general public. This information may be posted on our website.  If your personal information is collected in fulfillment of CFTC regulatory requirements, any use will conform to the regular uses disclosed by the CFTC. Additionally, we may share personal information relating to your application with your Sponsor for purposes of allowing your Sponsor to update or correct your personal information.

We share personal information relating to all individuals with our business process providers, such as business software and cloud services providers, payment processors, and backup and disaster recovery providers, as is necessary for NFA to maintain its operations and provide requested products and services. In all instances, our business process providers are contractually required to treat personal information they receive as confidential and to only use the personal information to the extent necessary to provide the services NFA has requested. If you are an NFA Member, we will share your personal information with the CFTC as required by law and as detailed in our privacy impact assessment which is used to implement an information security program that effectively manages security risk in accordance with the FISMA. We may also share your information with exchanges, law enforcement bodies, regulatory bodies and arbitrators.

Analytics

NFA uses Swiftype Site Search as the search function on our website. In addition to Swiftype Site Search, NFA uses Google Analytics to collect information to enhance our search and content provided on our website. Google Analytics provides NFA with data on search usage (what visitors search for on our site, whether visitors refined a search, and where they go after searching), trending terms (what visitors are searching for) and pages (which pages on our site have the most search usage).

In order to distinguish one search from another, Google Analytics may create several tracking cookies on a visitor's computer which will expire after two years have passed since the initial visit. Google Analytics collects the Internet Protocol ("IP") addresses of computers or Internet connections used by visitors to websites on which Google Analytics has been installed. Google Analytics does not reveal or expose the IP addresses of visitors to NFA's website.

Learn more about Swiftype privacy, Google Analytics privacy and Google's own privacy policy. If you would like to opt out of sharing your data with Google Analytics, you may use Google’s opt-out browser ad-on, available here.

Cookies

Cookies are text files containing small amounts of information which are downloaded to your browsing device (such as a computer, tablet, or smartphone) when you visit a website. Cookies can be recognized by the website that placed them on your device. NFA uses a number of cookies that are necessary to site functionality, as well as cookies that are used in connection with Google Analytics. These cookies are summarized in the table below.

Strictly necessary cookies

Cookie Name

First or Third Party Cookie

Persistent or Session Cookie

Purpose cookie is used for

.CROSSAPPAUTH

First

Persistent

This cookie is created during the login process and allows authenticated users to access non-public sections of the NFA website.

_AntiXsrfToken

First

Session

This is a security cookie used to prevent cross-site request forgery, which is an attack by a malicious website on the interaction between a browser and a trusted web site.

st-sh

First

Persistent

This cookie, created by Swiftype, is used to enable search functionality on the NFA website.

NSC_*

First

Persistent

This cookie, created by NFA's load balancing technology, is used to maintain persistence for a session.

ASPSESSIONID*

First

Session

This cookie is used to track a user's session on the NFA website.

ASP.NET_SessionId

First

Session

This cookie is used to track a user's session in an application on the NFA website.

sessionTimeout

First

Persistent

This cookie is used to track the expiration of a user's session.

bhCookiePerm

First

Persistent

This cookie, created by BrowserHawk, is used to determine if a user's browser allows persistent cookies.

bhCookieSess

First

Session

This cookie, created by BrowserHawk, is used to determine if a user's browser allows session cookies.

.ASPXAUTHEAPS

First

Session

This cookie is created during the NFA employment application login process and allows authenticated users to access non-public sections of the application.

intelliboardPage

First

Session

This cookie, created by Moonami, is used to track a user's session in the NFA Swaps Proficiency Requirements application.

intelliboardParam

First

Session

This cookie, created by Moonami, is used to track a user's session in the NFA Swaps Proficiency Requirements application.

intelliboardTime

First

Session

This cookie, created by Moonami, is used to track a user's session in the NFA Swaps Proficiency Requirements application.

MoodleSession

First

Session

This cookie, created by Moonami, is used to track a user's session in the NFA Swaps Proficiency Requirements application.

 

 

 










































Analytics cookies

Cookie Name

First or Third Party Cookie

Persistent or Session Cookie

Purpose cookie is used for

_ga

First Party

Persistent

This cookie, created by Google Analytics, is used to collect information about how visitors use the NFA website. NFA uses this information to enhance the content provided on its website.

_gid

First Party

Persistent

_gat

First Party

Persistent

 








You may delete cookies or prevent cookies from being placed by accessing the settings in your web browser. However, please note that doing so may affect your ability to access secure areas of the site or properly view other parts of the site. You can find out more at http://www.allaboutcookies.org.

Do Not Track Requests

We are required by California law to disclose how we respond to web browser Do Not Track (“DNT”) signals. Because there is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

Third-party Links

NFA does not endorse or guarantee any third-party links found on this website or any third-party sites that link to NFA's website. The products and services offered on third-party sites are not products of NFA, and NFA cannot attest to the accuracy of information provided by the linked sites. You should not consider NFA's linking to any website to be an endorsement by NFA, or any of its employees, or the sponsors of the site or the information or products presented on that site.

How Your Information Is Secured

NFA is committed to having policies and procedures in place that protect its systems and networks, and that safeguard customer data.  NFA has identified, developed and maintains internal policies, procedures and controls, consistent with its own operations and risks, based on standards and best practices, including for example the National Institute of Standards and Technology ("NIST") Special Publication 800-53.  NFA has completed the Type 1 SOC 2 attestation process, which is based on the AICPA's SOC 2 Trust Services Criteria ("TSC").  Please keep in mind that transmitting information via any computer system and/ or network is never completely secure and thus any information submitted may be intercepted, collected, used or disclosed by others. Therefore, we are not responsible for the security or confidentiality of communications you send to us through any system or network.

Use of Your Information Internationally

NFA’s offices, systems, and third-party storage providers are all located in the United States. If you are located outside the United States, by submitting information to NFA, you acknowledge that your information will be transferred to the United States, as such transfer is necessary for NFA to provide its website to you, respond to your requests, process your applications, and maintain your membership information.

We may transfer your information to a third party with competent jurisdiction located outside the United States in the event that we receive a request from a third party with investigatory, regulatory, or enforcement authority. Subject to any legal or regulatory prohibitions against doing so, if you are an individual making a complaint, we will make a reasonable effort to inform you of any such transfer prior to it occurring. If you are an individual or entity who is the subject of such a complaint, such a transfer will be made only to an entity with proper investigatory, regulatory, or enforcement authority.

Rights in Your Information

Depending on the jurisdiction in which you are located, you may have rights in your personal information, such as the rights to have your information rectified, deleted, or given to you. To exercise these rights, please contact us. We will respond to your request to the fullest extent possible, subject to our legal and regulatory obligations, the legitimate business interests necessary to carry out our functions, and subject to any derogations in applicable national or local laws that may apply to your data rights.

If you have subscribed to receive email communications from NFA, you may unsubscribe at any time by clicking the “unsubscribe” link in the emails you receive, or by contacting us using the contact information provided below.

How Long Your Information Is Retained

We will store the personal information you provide for at least as long as is necessary to respond to your request, maintain your membership information, process your application, or otherwise use the information for the purposes for which it was collected. We will store your information beyond this point as necessary to fulfill our legal and regulatory obligations.

Privacy Policy Changes

NFA reserves the right to modify or update this Privacy Policy. Any modifications or updates shall be effective on posting to NFA's website. If we begin using personal information in a materially different way than what is communicated in this Privacy Policy, we will provide notice to you of such a change via email.

Contact Us

If you have any questions or comments regarding this Privacy Policy, please contact NFA's Information Center.

 

This Privacy Policy was last updated 5/18/2022.