On November 7, 2016, we published a post noting that cybersecurity is top of mind for FINRA, the U.S. private sector regulator of the securities industry. We also stated that FINRA will undoubtedly intensify its focus on cybersecurity compliance, likely resulting in increased disciplinary actions and sanctions for violations of FINRA and SEC rules.
In the past six weeks, FINRA has taken formal disciplinary action against 13 firms for cybersecurity-related violations. On November 14, 2016, FINRA fined Lincoln Financial Services Corporation $650,000 for failing to reasonably safeguard confidential customer data.
Today, FINRA fined 12 firms a total of $14.4 million for failing to maintain millions of electronic records in “write once, read many” (WORM) format. WORM format is required, under FINRA and SEC rules, to prevent the alteration or destruction of firm records stored electronically.
FINRA’s recent flurry of enforcement activity is the result of increasing cyber-attacks on members. Equally important, it is a clear signal that regulators will sharpen their focus on firms to ensure the safeguarding of confidential customer data and the integrity of electronic records maintained by firms.