Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > FINRA

FINRA Plans Cybersecurity Exam Sweep

By Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

Fulfilling its promise to scrutinize broker-dealers’ cybersecurity policies this year, the Financial Industry Regulatory Authority has issued a targeted exam letter to firms stating that the self-regulator is assessing how firms manage cybersecurity threats.

In the exam letter, FINRA states that it is conducting its assessment “in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms and the financial system as a whole that these threats pose.”

Specifically, FINRA says it will be looking at firms’ policies in the following areas:

—approaches to information technology risk assessment;
—business continuity plans in case of a cyberattack;
—organizational structures and reporting lines;
—processes for sharing and obtaining information about cybersecurity threats;
—understanding of concerns and threats faced by the industry;
—assessment of the impact of cyberattacks on the firm over the past 12 months;
—approaches to handling distributed denial of service (DDoS) attacks;
—training programs;
—insurance coverage for cybersecurity-related events; and
—contractual arrangements with third-party service providers

FINRA says it has four broad goals in performing its assessment:

–to understand better the types of threats that firms face;

–to increase our understanding of firms’ risk appetite, exposure and major areas of vulnerabilities in their IT systems;

–to understand better firms’ approaches to managing these threats, including through risk assessment processes, IT protocols, application management practices and supervision; and

–as appropriate, to share observations and findings with firms.

The Securities and Exchange Commission will also be assessing advisors cybersecurity procedures during exams it conducts this year.

Meanwhile, the House Committee on Homeland Security unanimously approved on Wednesday H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013.

The bill was sent to the full House for consideration.

The committee said in a statement that the Act “addresses the cyber threat by giving the Department of Homeland Security (DHS) the tools to secure our nation in cyberspace, while protecting privacy and civil liberties and prohibiting any new regulations at DHS.”

Check out House Committee OKs Cybersecurity Bill on ThinkAdvisor.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.