November 29, 2020

Volume X, Number 334


FINRA (Financial Industry Regulatory Authority) to Examine Broker-Dealers for Cybersecurity Threats

FINRA to Examine Broker-Dealers for Cybersecurity Threats

In its 2014 Regulatory and Examination Priorities Letter, FINRA noted that cybersecurity remains a priority and that it will focus on "the integrity of firms’ policies, procedures and controls to protect sensitive customer data." In line with this priority, FINRA announced a Targeted Examination Letter detailing its intention to conduct an assessment of firms’ approaches to managing cybersecurity threats, which FINRA noted may cause potential harm to investors, firms, and the financial system as a whole. FINRA intends to survey and assess about 20 firms with a variety of business models. FINRA’s assessment will focus on areas relating to cybersecurity, including:

  • business continuity plans in the event of a cyber-attack;

  • understanding concerns and threats faced by the industry;

  • assessing the impact of cyber-attacks on the firm over the past year;

  • training programs;

  • insurance coverage for cybersecurity-related events; and

  • arrangements with third-party service providers.

FINRA hopes that its assessment will help it achieve four broad goals: (1) to better understand the threats that firms face; (2) to increase its understanding of firms’ risk appetites, exposure, and major areas of vulnerabilities in their IT systems; (3) to better understand how firms could and do manage these threats; and (4) to share observations and findings as appropriate.

While one of FINRA’s goals appears to be information sharing, broker-dealers should understand that FINRA could take action based on examination findings of weaknesses in cybersecurity controls. At a minimum, broker-dealers should have a process in place for checking cyberthreats and protecting data should an attack occur.

Copyright © 2020 Godfrey & Kahn S.C.National Law Review, Volume IV, Number 106



About this Author

Chris Cahlamer Investment Management Attorney

Chris Cahlamer is the team leader of the firm’s Investment Management Practice Group, where he practices in investment management and securities law, focusing on investment companies, investment advisers, regulatory examinations, new product development, SEC compliance and reporting obligations, CCO support, private fund formation and operation, investment company reorganizations, investment advisor mergers and acquisitions, and general corporate and board fiduciary issues.

Chris earned his law degree, summa cum laude, at Marquette University Law School. While there, he...