On January 4, 2017, FINRA released its 2017 Regulatory and Examination Priorities Letter. In its Letter, and for the third year in row, FINRA identified cybersecurity as a top priority. FINRA stated that cybersecurity is “one of the most significant risks many firms face.”
FINRA identified two areas where it observed repeated failures by firms:
- cybersecurity controls at branch offices, and
- preservation of electronic records in “write once, read many” (WORM) format.
To underscore its point, FINRA spotlighted its December 2016 disciplinary action wherein 12 firms where collectively fined $14.4 million for WORM retention failures. Read our December 21, 2016 post about this.
Branch office controls and WORM retention are not the only top areas of cybersecurity regulatory focus. In 2015 and 2016, FINRA and the SEC brought cybersecurity enforcement proceedings for failing to safeguard customer records and information, and for failing to adopt adequate cybersecurity policies and procedures prior to a breach:
- Sterne Agee Settles With FINRA Over Laptop Privacy Breach
- SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach
- SEC: Morgan Stanley Failed to Safeguard Customer Data
- FINRA Imposes Fines Totaling $600,000 Against Lincoln Financial Securities and Lincoln Financial Advisors for Failure to Protect Confidential Customer Information
In 2017, we expect FINRA to execute more cybersecurity examinations than in years past. Firms — be prepared.
- Hackers are Leveraging Fear during the COVID-19 Pandemic
- No Trespassing: Can Public Websites Ever Be Off Limits?
- Cybersecurity – Global Ransomware Attack is Top of Mind with U.S. Securities Regulator
- Cybersecurity - a Top Operational Risk in FINRA’s 2017 Regulatory and Examination Priorities Letter
- Following Intense Industry Criticism, New York Overhauls Cybersecurity Requirements for Financial Services Companies
- FINRA Imposes Fines Against 12 Firms for Cybersecurity Violations
- OCC Announces Long-Awaited Fintech Charter Decision
- FCC Adopts New Consumer Privacy Rules for Internet Service Providers
- New York Announces Proposed “Groundbreaking” Cybersecurity Regulation for Financial Institutions
- Cybersecurity Programs at Securities Firms under Increasing Scrutiny by the Financial Industry Regulatory Authority (FINRA)