Business and Legal Insights

Financial Industry Regulatory Authority (FINRA) imposes sweeping $14.4 million in fines against 12 firms for cybersecurity violations.

On November 7, 2016, we published a post informing that cybersecurity is top-of-mind with FINRA, the U.S. private sector regulator of the securities industry. We also stated that FINRA will undoubtedly raise intensity on cybersecurity compliance, likely resulting in increased disciplinary actions and sanctions for violations of FINRA and SEC rules.

In the past six weeks, FINRA has taken formal disciplinary action against 13 firms for cybersecurity-related violations. On November 14, 2016, FINRA fined Lincoln Financial Services Corporation $650,000 for failing to reasonably safeguard confidential customer data.

Today, FINRA fined 12 firms a total of $14.4 million for failing to maintain millions of electronic records in “write once, read many” (WORM) format. WORM format is required, under FINRA and SEC rules, to prevent the alteration or destruction of firm records stored electronically.

FINRA’s recent flurry of enforcement activity is the result of increasing cyber-attacks upon members. Equally important, this is a clear signal that regulators will amplify their focus upon firms to ensure the safeguarding of confidential customer data and the integrity of electronic records maintained by firms.

Relevant Resources

• FINRA on Cybersecurity
• FINRA Fines 12 Firms a Total of $14.4 Million for Failing to Protect Records From Alteration