On February 12, 2018, the Commodity Futures Trading Commission (CFTC) issued an order requiring AMP Global Clearing, a registered Futures Commission Merchant (FCM), to pay a civil penalty of $100,000 due to its failure to diligently supervise its IT provider in implementing AMP’s Information Systems Security Program. The order came after a third party was able to gain access to AMP customer records without authorization through a vulnerability in AMP’s network. The vulnerability had not been detected in three consecutive quarterly network risk assessments, despite the fact that security breaches resulting from similar vulnerabilities—including a number that occurred on network devices manufactured by the same manufacturer as AMP’s—had…