Financial Industry Regulatory Authority (FINRA)
FINRA is a nonprofit organization overseen by the U.S. Securities and Exchange Commission (SEC) that regulates U.S. brokerage firms.
FINRA writes rules related to investor protection and market integrity; it examines firms for and enforces compliance with FINRA rules and federal securities laws.
Individuals and firms that want to conduct business with the investing public must achieve and maintain certification as members of FINRA.
As part of its mission to protect investors, brokerage firms, and financial markets, FINRA has specific rules related to cybersecurity that firms must comply with. The 2022 Report on FINRA’s Examination and Risk Monitoring Program gives firms information to help establish their compliance programs; it lists relevant rules, describes effective practices, and includes helpful resources. Part of this report includes regulatory obligations for cybersecurity and technology governance, including Rule 30 of the SEC’s Regulation S-P, which requires firms to have written policies and procedures that are reasonably designed to safeguard customer records and information, and FINRA Rule 4370, Business Continuity Plans and Emergency Contact Information.
FINRA also provides cybersecurity guidance and resources to help firms build out their cybersecurity programs and maintain compliance with these regulations. These include a Small Firm Cybersecurity Checklist, Core Cybersecurity Threats and Effective Controls for Small Firms, and a Report on Selected Cybersecurity Practices – 2018.
FINRA evaluates brokerage firms’ approaches to cybersecurity risk management by reviewing controls in several areas:
- Technology governance
- Technical controls
- Risk assessment
- Access management
- Incident response
- Vendor management
- Data loss prevention
- System change management
- Branch controls
- Staff training
FINRA publishes Information Notices on common cybersecurity threats that broker-dealers face, including phishing, imposter websites, customer account takeover incidents, fraudulent wires or ACH transactions, and vendor breaches. It also pushes out cybersecurity alerts to members based on recent attacks.