October 3, 2022

Volume XII, Number 276



FINRA Releases Information Notice on Cybersecurity Authentication Methods and Releases Regulatory Notice on Revised NAC Sanction Guidelines

Notice on Cybersecurity Authentication Methods

On October 15, the Financial Industry Regulatory Authority (FINRA) released an information notice (Notice) providing additional background on authentication techniques for firms to consider as they implement cybersecurity authentication programs.

The Notice provides an overview of authentication factors that may be based on various categories of information, including PINs or passwords, “hard” physical tokens (such as key fobs) and “soft” tokens (such as a mobile phone app) that generate temporary or time-based passwords.

The Notice clarifies that the use of single-factor authentication may subject broker-dealers and customers to heightened risk of attacks on password credentials, which represent the vast majority of the hacking tactics associated with reported breaches. FINRA specifically emphasized that the use of multi-factor authentication, which uses two or more different types of factors or secrets, significantly reduces the likelihood that the exposure of a single credential will result in account compromise.

The Notice is available here.

Regulatory Notice on Revised NAC Sanction Guidelines

On October 20, the National Adjudicatory Council (NAC) of the Financial Industry Regulatory Authority (FINRA) revised the Principal Considerations in Determining Sanctions section of the FINRA Sanction Guidelines to expressly contemplate a customer’s age or physical or mental impairment. In connection therewith, FINRA released Regulatory Notice 20-37.

The prior version of FINRA’s Sanction Guidelines contained 19 Principal Considerations in Determining Sanctions that adjudicators were instructed to consider. As amended, the Sanction Guidelines now contain 20 Principal Considerations.

FINRA specified that the amendments reflect NAC’s overall concerns regarding the protection of customers, especially senior investors or mentally impaired customers. In furtherance of those concerns, FINRA amended Principal Consideration No. 19 to explicitly include customers’ mental or physical impairment. Additionally, FINRA introduced a new Principal Consideration No. 20 to consider whether the customer is age 65 or older.

The amendments to the Sanction Guidelines are effective immediately.

The notice is available here. The revised Sanction Guidelines are available here.

©2022 Katten Muchin Rosenman LLP

National Law Review, Volume X, Number 297

About this Author

Susan Light, Katten Law Firm, Finance Law Attorney, New York

Susan Light focuses her practice on financial services regulatory matters. She counsels broker-dealers, hedge funds, investment banks and financial services clients on enforcement issues involving the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), other self-regulatory organizations (SROs) and state and federal regulatory authorities. She has particular experience related to sales practice issues, financial and operational issues, anti-money laundering, crowdfunding, cybersecurity, and cryptocurrencies.

Michael T. Foley, Katten, Lawyer, Finance, FINRA, Chicago
Special Counsel

Michael Foley represents broker-dealers, investment advisers and other financial services industry participants with respect to a broad spectrum of legal and regulatory matters arising under the federal securities laws.

Michael has nearly 20 years of experience in private practice and in-house at both a large, full-service broker-dealer and at an online discount broker-dealer, advising broker-dealers and other financial institutions regarding compliance with the federal securities and commodities laws, and with the regulations of the US Securities and Exchange...


Adam Haft is an associate in the Financial Services practice.

Bar Admissions

New York