DOCSLIB.ORG

Security Basics for Financial Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Basics for Financial Applications WHITE PAPER SECURITY BASICS FOR FINANCIAL APPLICATIONS Abstract Security is the principal requirement for online financial applications. Data privacy, customer trust, and long-term growth all depend on how secure a financial application is. As these applications are accessed from various devices and through numerous channels, financial organizations strive hard to implement a foolproof security system. In this white paper, we will discuss the core security measures that can be considered while building financial applications. We will start with core design concepts for financial applications, move on to the different security techniques and best practices, and finally, provide a basic security design for financial applications. The financial applications referred in this white paper include web applications, financial portals, and other finance domain-related online applications. Financial applications Finance applications include applications applications face a host of threats such as the required information aggregation as performing financial transactions such as identity theft, session hijacking, password well. They are integrated with core banking online banking portals, online insurance hacking etc. which has long term impact systems or finance enterprise applications, applications and such for which security is on revenue and user trust. to provide domain-specific features. a prime concern. Most of the e-commerce Additionally, they also offer a wide range of Online financial applications provide a and retail applications invariably deal personalization and customization features variety of features, such as dashboard with payment transactions and hence that enable finance organizations to launch views, reports, personalized customer security would be an important feature of personalized campaigns and features for pages, and for particular financial domains, these applications as well. Online finance targeted segments. Core security concerns of financial applications The key security aspects in financial authorization, data encryption, transport- permission models, data privacy and applications include secure authentication, level security, role-based access and robust integrity, and security extensions. Key security vulnerabilities and ways to tackle them Based on our experience in financial Man-in-the-middle attacks and details to initiate a financial transaction. applications, we have created a list of the session hijacking An effective way to prevent this attack is common security challenges, the details of to use a security token with each request In this kind of attack, the hacker may that is validated on the server-side. We will security vulnerabilities, and the effective intercept traffic between the requestor learn more about this technique and its measures to address them: and the finance portal. The first step in implementation in the following pages. Multiple sessions preventing such an attack is to use a secure transport layer, such as HTTPS, for Injection attacks Financial applications usually do not allow all secure interactions. The rule applies for The attacker can use SQL injection multiple sessions due to security and data- finance services as well. In addition to this, techniques to gain information access. The integrity concerns. Using a combination of we must encrypt secured data (such as user vulnerability can be exploited by appending the following approaches should restrict information, finance information) during SQL keywords and comments (such as these multiple sessions: transit, and decrypt before rendering to appending ‘1=1’ to the query string). the client. • Create session filters to intercept every In order to effectively mitigate this, we user request, and use a database- Request spoofing and cross-site need to: driven table to check the multiple request forgery (CSRF) session information, in order to restrict Validate all user input on the client as In such a vulnerability, the attacker may • the user sessions based on the session well as the server-side and maintain a send a forged request to the server. data blacklist of characters for this validation The attacker can gain access to request • Restricting the user sessions at the parameters using techniques such as • Encode or remove HTML and SQL- server side: Server modules (such as snooping, and can then construct an reserved characters core banking modules) keep track of attack-script to make the portal believe Use prepared statements instead user that the request is coming from a genuine • of direct SQL commands in the source. For instance, if the attacker obtains Combining these two approaches allows a application. Use object-relational the session ID or is able to intercept the truly single session-based implementation. mapping (ORM) tools, such as request, he / she can use the session Hibernate,for database interactions External Document © 2018 Infosys Limited External Document © 2018 Infosys Limited External Document © 2018 Infosys Limited External Document © 2018 Infosys Limited Key security features of online finance applications Besides core security features such as Nonrepudiation occurs based on the Endpoint security refers to protecting the authentication, authorization, single- following two criteria– The user is the endpoint device to comply with anti- sign-on, session management, account legitimate identity that sent the content/ malware and virus protection to prevent, management, financial application should performed the transaction;the content/ detect, and remediate any malicious also deal with other security such as follows: transaction details are not modified in programming on the system. This helps the middle, as data integrity is ensured in restricting any malicious program that Federated identity and access through a hashing algorithm. might be tracking keystrokes to obtain management sensitive information. Crypto libraries The identity and access management Virtual keyboards help in reducing the risk Crypto libraries are the cryptographic can be federated across the domain, and of key loggers logging keystrokes, as the libraries used in Internet standards to share the same identity store and access clicks happen only on the virtual keyboard provide encryption algorithms. manager for all user groups. This strategy to input the data. This also makes it more works best in subsidiaries and acquired The functionality includes key generation difficult for malware programs to track the entities. algorithms, key exchange agreements, and clicks and obtain the input data. However, there is a possibility that the malware Strong nonrepudiation using DS public-key cryptographic standards. For finance applications, it is recommended to can take screenshots upon each click and Nonrepudiation means that a party cannot use a salted password-hashing algorithm hence, the endpoint should be secure and deny the authenticity of their signature as discussed below. updated with respect to anti-malware upon the sending of a message. programs as well. Endpoint security – Anti-malware / In the digital world, nonrepudiation can virtual keyboards. be achieved through digital signatures. Financial application key design considerations Listed below are some of the key design • Adoption of services-oriented iteratively to ensure that the aspects that need to be kept in mind while architecture for integration – An ESB desired performance service-level developing finance applications. These middleware can be used to handle agreement (SLA) is met complex and multiple services and are additional design factors along with Scalability can be achieved by enable service-oriented integration security. using the appropriate infrastructure between different banking systems and hardware • Open standards-based technology Leveraging open-source technologies and integrations – This includes using wherever applicable Incorporation of a governance standards related to HTML, CSS, and model to proactively check the Continuous build and integration accessibility to name a few • heartbeat of the systems to ensure approach for execution –Tools such as system availability and uptime • Layered architecture using MVC Jenkins Continuous Integration can be pattern – This provides a clear layer- used to maintain build quality • Reusability and automation: Reusing wise separation of components the existing components and Performance, availability, and with each layer handling a distinct • frameworks will profoundly impact scalability –Performance should responsibility. MVC enables loose developer productivity, faster time- be thought through, right from coupling, separation of concerns, and to-market, and significantly increase the component design to the flexibility to change the components in the overall quality. Based on the given performance testing stage. In addition each layer independently business requirements, the following to performance-based design, other components are marked for reuse, • Modular and extensible component performance optimization techniques partially/completely: design –Each of the solution can be adopted, including: components will be designed such that High Level architecture of finance it can be reused for future needs The solution will also be tested applications External Document © 2018 Infosys Limited External Document © 2018 Infosys Limited A high level overview of a sample finance web application is shown below: Support, Management Client Application Content Information, Widgets Widgets Governance, Presentation Common & Layer
Load more

Recommended publications
  • Initial Public Offerings
    November 2017 Initial Public Offerings An Issuer’s Guide (US Edition) Contents INTRODUCTION 1 What Are the Potential Benefits of Conducting an IPO? 1 What Are the Potential Costs and Other Potential Downsides of Conducting an IPO? 1 Is Your Company Ready for an IPO? 2 GETTING READY 3 Are Changes Needed in the Company’s Capital Structure or Relationships with Its Key Stockholders or Other Related Parties? 3 What Is the Right Corporate Governance Structure for the Company Post-IPO? 5 Are the Company’s Existing Financial Statements Suitable? 6 Are the Company’s Pre-IPO Equity Awards Problematic? 6 How Should Investor Relations Be Handled? 7 Which Securities Exchange to List On? 8 OFFER STRUCTURE 9 Offer Size 9 Primary vs. Secondary Shares 9 Allocation—Institutional vs. Retail 9 KEY DOCUMENTS 11 Registration Statement 11 Form 8-A – Exchange Act Registration Statement 19 Underwriting Agreement 20 Lock-Up Agreements 21 Legal Opinions and Negative Assurance Letters 22 Comfort Letters 22 Engagement Letter with the Underwriters 23 KEY PARTIES 24 Issuer 24 Selling Stockholders 24 Management of the Issuer 24 Auditors 24 Underwriters 24 Legal Advisers 25 Other Parties 25 i Initial Public Offerings THE IPO PROCESS 26 Organizational or “Kick-Off” Meeting 26 The Due Diligence Review 26 Drafting Responsibility and Drafting Sessions 27 Filing with the SEC, FINRA, a Securities Exchange and the State Securities Commissions 27 SEC Review 29 Book-Building and Roadshow 30 Price Determination 30 Allocation and Settlement or Closing 31 Publicity Considerations
    [Show full text]
  • Stock in a Closely Held Corporation:Is It a Security for Uniform Commercial Code Purposes?
    Vanderbilt Law Review Volume 42 Issue 2 Issue 2 - March 1989 Article 6 3-1989 Stock in a Closely Held Corporation:Is It a Security for Uniform Commercial Code Purposes? Tracy A. Powell Follow this and additional works at: https://scholarship.law.vanderbilt.edu/vlr Part of the Securities Law Commons Recommended Citation Tracy A. Powell, Stock in a Closely Held Corporation:Is It a Security for Uniform Commercial Code Purposes?, 42 Vanderbilt Law Review 579 (1989) Available at: https://scholarship.law.vanderbilt.edu/vlr/vol42/iss2/6 This Note is brought to you for free and open access by Scholarship@Vanderbilt Law. It has been accepted for inclusion in Vanderbilt Law Review by an authorized editor of Scholarship@Vanderbilt Law. For more information, please contact [email protected]. Stock in a Closely Held Corporation: Is It a Security for Uniform Commercial Code Purposes? I. INTRODUCTION ........................................ 579 II. JUDICIAL DECISIONS ................................... 582 A. The Blasingame Decision ......................... 582 B. Article 8 Generally .............................. 584 C. Cases Deciding Close Stock is Not a Security ...... 586 D. Cases Deciding Close Stock is a Security .......... 590 E. Problem Areas Created by a Decision that Close Stock is Not a Security .......................... 595 III. STATUTORY ANALYSIS .................................. 598 A. Statutory History ................................ 598 B. Official Comments to the U.C.C. .................. 599 1. In G eneral .................................. 599 2. Official Comments to Article 8 ................ 601 3. Interpreting the U.C.C. as a Whole ........... 603 IV. CONCLUSION .......................................... 605 I. INTRODUCTION The term security has many applications. No application, however, is more important than when an interest owned or traded is determined to be within the legal definition of security.
    [Show full text]
  • The Importance of the Capital Structure in Credit Investments: Why Being at the Top (In Loans) Is a Better Risk Position
    Understanding the importance of the capital structure in credit investments: Why being at the top (in loans) is a better risk position Before making any investment decision, whether it’s in equity, fixed income or property it’s important to consider whether you are adequately compensated for the risks you are taking. Understanding where your investment sits in the capital structure will help you recognise the potential downside that could result in permanent loss of capital. Within a typical business there are various financing securities used to fund existing operations and growth. Most companies will use a combination of both debt and equity. The debt may come in different forms including senior secured loans and unsecured bonds, while equity typically comes as preference or ordinary shares. The exact combination of these instruments forms the company’s “capital structure”, and is usually designed to suit the underlying cash flows and assets of the business as well as investor and management risk appetites. The most fundamental aspect for debt investors in any capital structure is seniority and security in the capital structure which is reflected in the level of leverage and impacts the amount an investor should recover if a company fails to meet its financial obligations. Seniority refers to where an instrument ranks in priority of payment. Creditors (debt holders) normally have a legal right to be paid both interest and principal in priority to shareholders. Amongst creditors, “senior” creditors will be paid in priority to “junior” creditors. Security refers to a creditor’s right to take a “mortgage” or “lien” over property and other assets of a company in a default scenario.
    [Show full text]
  • In Re Security Finance Co
    University of California, Hastings College of the Law UC Hastings Scholarship Repository Opinions The onorH able Roger J. Traynor Collection 11-12-1957 In re Security Finance Co. Roger J. Traynor Follow this and additional works at: http://repository.uchastings.edu/traynor_opinions Recommended Citation Roger J. Traynor, In re Security Finance Co. 49 Cal.2d 370 (1957). Available at: http://repository.uchastings.edu/traynor_opinions/526 This Opinion is brought to you for free and open access by the The onorH able Roger J. Traynor Collection at UC Hastings Scholarship Repository. It has been accepted for inclusion in Opinions by an authorized administrator of UC Hastings Scholarship Repository. For more information, please contact [email protected]. 370 IN BE SECURITY FINANCE CO. [49 C.2d [So F. No. 19455. In Bank. Nov. 12, 1957.] In re SECURITY FINANCE COMPANY (a Corporation), in Process of Voluntary Winding Up. EARL R. ROUDA, Respondent, V. GEORGE N. CROCKER et at, Appellants. [1] Corporations-DissolutioD.-At common law a corporation had no power to end its existence; the shareholder.- could surrender the charter, but actual dissolution depended on acceptance by the sovereign. [2] ld.-Voluntary Dissolution-Judicial SupervisioD.-The su­ perior court has jurisdiction to supervise the dissolution of a corporation by virtue of Corp. Code, § 4607, only if the cor­ poration is "in the process of voluntary winding up," and the corporation is in the process of voluntary winding up only if a valid election to wind up has been made pursuant to § 4600. [3] 1d.-Volunta17 Dissolution-Rights of Shareholders.-Share­ holders representing 50 per cent of the voting power do not have an absolute right under Corp.
    [Show full text]
  • Frequently Asked Questions About Initial Public Offerings
    FREQUENTLY ASKED QUESTIONS ABOUT INITIAL PUBLIC OFFERINGS Initial public offerings (“IPOs”) are complex, time-consuming and implicate many different areas of the law and market practices. The following FAQs address important issues but are not likely to answer all of your questions. • Public companies have greater visibility. The media understanding IPOS has greater economic incentive to cover a public company than a private company because of the number of investors seeking information about their What is an IPO? investment. An “IPO” is the initial public offering by a company • Going public allows a company’s employees to of its securities, most often its common stock. In the share in its growth and success through stock united States, these offerings are generally registered options and other equity-based compensation under the Securities Act of 1933, as amended (the structures that benefit from a more liquid stock with “Securities Act”), and the shares are often but not an independently determined fair market value. A always listed on a national securities exchange such public company may also use its equity to attract as the new York Stock exchange (the “nYSe”), the and retain management and key personnel. nYSe American LLC or one of the nasdaq markets (“nasdaq” and, collectively, the “exchanges”). The What are disadvantages of going public? process of “going public” is complex and expensive. • The IPO process is expensive. The legal, accounting upon the completion of an IPO, a company becomes and printing costs are significant and these costs a “public company,” subject to all of the regulations will have to be paid regardless of whether an IPO is applicable to public companies, including those of successful.
    [Show full text]
  • List of All Fees for the Securitytrustsm Reloadable Visa® Prepaid Card Issued by Republic Bank of Chicago, Member FDIC, Pursuant to a License from Visa U.S.A
    CARDHOLDER AGREEMENT List of all fees for the SecurityTRUSTSM Reloadable Visa® Prepaid Card issued by Republic Bank of Chicago, Member FDIC, pursuant to a license from Visa U.S.A. Inc. All Fees Amount Details Monthly usage Monthly Fee is $7.95. The Monthly Fee is waived for the first 60 days Monthly fee $7.95 after the initial load. The Monthly Fee is also waived if you receive direct deposits of $500.00 or more every 35 days. Add money Fee of up to $5.95 may apply when reloading your Card at Retail Locations, including Green Dot® and Visa ReadyLink reload agents. This Cash reload $5.95 fee is charged by the reload agent and is subject to change. Reload locations may be found at www.insightvisa.com. Fee of up to 5% of the amount of a check loaded through third party 5%, $5.00 applications may apply, subject to a $5.00 minimum. Service is subject to Mobile check load minimum third party terms and conditions. This fee is charged by a third party and is subject to change. Spend money Per purchase transactions None No fees are assessed for domestic purchase transactions. Bill pay available when you log in to your account at Bill payment None www.insightvisa.com. There is no charge to complete a bill pay transaction. There is no charge to originate or receive transfers between your Card Card to card transfer None and another Insight-branded or SecurityTRUSTSM-branded Card. Get cash You will not be charged a fee for cash withdrawals at “in-network” ATMs.
    [Show full text]
  • •Central Securities Depository •Creating Stock •Corporate Actions •Clearance and Settlement •Fixed Income Issues •M
    ® LIFE CYCLE OF A SECURITY explores the role of central securities depositories in the United States and global capital markets, with a particular focus on the part The Depository Trust Company (DTC) plays in launching new securities issues and providing the essential services that security issuers require. The guide explains the process of creating and dis tributing stocks and bonds in the primary and secondary markets,- the details of clearing and settling retail and institutional transac tions, and the sophisticated infrastructure that enables the seamless- payment of dividends and interest, smooth management of tender offers and other corporate actions, and essential risk protection in an increasingly global environment. LIFE CYCLE OF A SECU RITY LIFE CYCLE OF A SECU RITY If trading volume between countries WHAT’S AN justifies it, CSDs are frequently linked INTERNATIONAL CSD? Central Securities Depositories electronically, and have accounts with There are currently two International The certificate stops here. each other, so that securities can be Central Securities Depositories (ICSDs), both moved electronically between them. In located in Europe: Clearstream Banking in most cases, payment for those securities Luxembourg and Euroclear Bank in Belgium. In the quest to attract capital and make shares that an issuing corporation offers is usually handled between the trading Initially created to accommodate the their economies more vibrant, most for sale in one or more countries in addi- firms’ settlement banks rather than expanding market in Eurobonds—bonds countries with active capital markets tion to its home market. This approach through the CSD, though some CSDs issued in a different currency and sold in have central securities depositories allows the corporation, working with a are equipped to handle both transfer a different country than that of the issuer, (CSDs) to provide the custody and local depositary bank, to raise capital in and payment.
    [Show full text]
  • Glossary of Bond Terms
    Glossary of Bond Terms Accreted value- The current value of your zero-coupon municipal bond, taking into account interest that has been accumulating and automatically reinvested in the bond. Accrual bond- Often the last tranche in a CMO, the accrual bond or Z-tranche receives no cash payments for an extended period of time until the previous tranches are retired. While the other tranches are outstanding, the Z-tranche receives credit for periodic interest payments that increase its face value but are not paid out. When the other tranches are retired, the Z-tranche begins to receive cash payments that include both principal and continuing interest. Accrued interest- (1) The dollar amount of interest accrued on an issue, based on the stated interest rate on that issue, from its date to the date of delivery to the original purchaser. This is usually paid by the original purchaser to the issuer as part of the purchase price of the issue; (2) Interest deemed to be earned on a security but not yet paid to the investor. Active tranche- A CMO tranche that is currently paying principal payments to investors. Adjustable-rate mortgage (ARM)- A mortgage loan on which interest rates are adjusted at regular intervals according to predetermined criteria. An ARM's interest rate is tied to an objective, published interest rate index. Amortization- Liquidation of a debt through installment payments. Arbitrage- In the municipal market, the difference in interest earned on funds borrowed at a lower tax-exempt rate and interest on funds that are invested at a higher-yielding taxable rate.
    [Show full text]
  • Can Underwriters Profit from IPO Underpricing?
    Footloose with Green Shoes: Can Underwriters Profit from IPO Underpricing? Patrick M. Corrigan† Why are green shoe options used in initial public offerings (IPOs)? And why do underwriters usually short sell an issuer’s stock in connection with its IPO? Are underwriters permitted to profit from these trading po- sitions? Scholars have long argued that underwriters use green shoe options together with short sales to facilitate price stabilizing activities, and that U.S. securities laws prohibit underwriters from using green shoe options to profit from IPO underpricing. This Article finds the conventional wisdom lacking. I find that underwriters may permissibly profit from IPO under- pricing by pairing purchases under a green shoe option with offshore short sales. I also find that underwriters may permissibly profit from IPO over- pricing by short selling the issuer’s stock in the initial distribution. The possession of a green shoe option and the ability to short sell IPOs effectively makes underwriters long a straddle at the IPO price. This posi- tion creates troubling incentivizes for underwriters to underprice or over- price IPOs, but not to price them accurately. This new principal trading theory for green shoe options and under- writer short sales provides novel explanations for systematic IPO mispric- ing, the explosive initial return variability during the internet bubble, and the observation of “laddering” in severely underpriced IPOs. This Article concludes by charting a new path for the regulatory scheme that applies to principal trading by underwriters in connection with securities offerings. Consistent with the purpose of preserving the integrity of securities markets, regulators should address the incentives of under- writers directly by prohibiting underwriters of an offering from enriching themselves through trading in the issuer’s securities.
    [Show full text]
  • Guarantees and Surety Bonds
    Guarantees and Surety Bonds Every guarantee/surety bond Guarantees and Surety Bonds must be carefully examined to By issuing a guarantee/surety bond, the bank acts as the guarantor for an obligation determine its legal significance owed by the debtor. What these two instruments have in common is the bank’s prom- and viability. ise to stand in for the payment of a debt or performance of a service should the debtor fail to fulfill his or her contractual obligations. With this promise, the bank undertakes to pay a maximum specified amount when the conditions of the guarantee/surety bond Table of Contents are met. Guarantees and Surety Bonds 1 As well as issuing guarantees and surety bonds, Credit Suisse also offers advice for Difference between a Guarantee and guarantees from third-party banks. As part of this service, Credit Suisse assesses the a Surety Bond 2 authenticity of the guarantee and advises the beneficiary (recipient of the guarantee) of any points that are unclear. Types of Guarantees 2 Types of Surety Bonds 3 A guarantee or surety bond may only be issued if the client has been granted a line of credit. The bank may require adequate collateral. Commissions and Charges 4 Some countries still require their own country or bank-specific guarantee wording. The contacts in our guarantee department would be happy to answer any specific queries you may have concerning individual countries. Direct Guarantee The bank issues the guarantee directly to the beneficiary. The guarantee is sent to the beneficiary directly by the bank, via its principal or via a third-party bank, which passes it to the beneficiary without assuming any liability of its own.
    [Show full text]
  • Takeover Threats, Job Security Concerns, and Earnings Management
    TAKEOVER THREATS, JOB SECURITY CONCERNS, AND EARNINGS MANAGEMENT Edward S. Sul A dissertation submitted to the faculty at the University of North Carolina at Chapel Hill in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Kenan-Flagler School of Business. Chapel Hill 2017 Approved By: Robert M. Bushman Mark H. Lang Bradley E. Hendricks Eva Labro Wayne R. Landsman Christian T. Lundblad © 2017 Edward S. Sul ALL RIGHTS RESERVED ii ABSTRACT Edward S. Sul: Takeover Threats, Job Security Concerns, and Earnings Management (Under the direction of Robert M. Bushman and Mark H. Lang) I exploit the international, staggered adoption of takeover laws in order to examine the effect of increased turnover sensitivity to performance on managers’ financial reporting choices. Using a difference-in-difference design, I find that the enactment of laws designed to promote takeover activity is associated with greater earnings management (abnormally high accruals, small positive earnings, discretionary earnings smoothing and poor accruals quality) and greater opacity (reduced analyst forecast accuracy and following and greater forecast dispersion). This is consistent with managers responding to increased risk of termination by distorting earnings information. As predicted, results are particularly pronounced for managers with the highest ex ante risk of termination and at firms with poor performance. The effects are mitigated in countries in which strong institutions limit the CEOs’ ability to manage earnings and create opacity. Overall, my results suggest that reforms aimed at enhancing governance through higher turnover sensitivity to performance encourage earnings management and opacity by increasing job security concerns. iii To Mom, Dad, and my loving wife, Dasol iv ACKNOWLEDGEMENTS I am grateful to my dissertation committee for their guidance and support: Robert Bushman (co-chair), Mark Lang (co-chair), Bradley Hendricks, Eva Labro, Wayne Landsman, and Christian Lundblad.
    [Show full text]
  • I:\Security Futures Investor Gu
    Table of Contents 4 Introduction 6 Part One: Futures Markets, Futures Contracts and Futures Trading 15 Part Two: Security Futures Illustrations - Opportunities, Risks and Limitations 20 Part Three: Are Security Futures For You? A Brief Guide to Due Diligence 24 NFA Information and Resources 25 Additional Resources Security Futures: An Introduction to Their Uses and Risks Financial markets today offer an ever- widening array of financial products. Among the most recent are security futures, which include futures contracts on com- mon stocks and futures contracts on a narrow-based index of securities. Security futures, which have been autho- rized by Congress, can be bought and sold for either price risk management or for speculative purposes. For many reasons, security futures may or may not be an appropriate trading vehicle for any given individual. Or they may be appropriate in some circumstances but not others. National Futures Association, a Congression- ally authorized self-regulatory organization, has prepared this booklet to provide an introduction to what security futures are, how they work, and how they can be used, as well as their risks and limitations. This booklet is not intended to serve as a formal risk disclosure statement. That document must be provided by the broker offering the product. This booklet is merely intended to be one component of the due diligence individuals are encouraged to undertake prior to making any invest- ment decision regarding security futures. For additional information, refer to NFA’s brochure, “Understanding the Opportunities and Risks in Futures Trading” and the secu- rity futures risk disclosure statement. Both documents can be found on NFA’s web site (www.nfa.futures.org).
    [Show full text]