Broker Dealers and Registered Investment Advisors (“RIAs”) live in a time of data threats from all angles. The financial services industry is faced with many unique requirements for storing sensitive client data for extended timeframes, and by doing so, the industry has become a primary and lucrative target for scammers. The following practices help ensure that access and data integrity is controlled and tracked properly. Cybercriminals are constantly developing new ways to infiltrate systems, and the only way to mitigate the threat is to keep evaluating what your broker dealer or RIA can control and improve what it cannot control Read more about Data Storage and Cybersecurity Best Practices[…]
Twenty years ago, when all of us worked in the office, the IT department was able to manage a broker dealer’s cyber security fairly well. All of the computers worked off of a main network where various firewalls and malware protection could be maintained on a regular basis. Then comes COVID and all personnel began to work remotely. Post COVID, much of the broker dealer workforce still works remotely. It has become the new normal. How can your broker dealer’s IT department and/or vendor make sure that everyone’s computer equipment is up to date with the strongest and most current Read more about FINRA Encryption Best Practices[…]
As consultants, we can’t emphasize enough the importance of having a proactive cyber security program that is specifically tailored to protect disruption of critical systems as well as protection of sensitive data for both the firm and its customers.
FINRA recently released a podcast AML Update: The Latest Trends and Effective Practices . This podcast provides a great update on the current AML and fraud trends and best practices from Jason Foye, Senior Director of the National Cause and Finance Crimes Detection Program’s Special Investigative Unit . A few highlights from the AML update podcast: Financial Crimes Enforcement Network (FinCEN) Priorities On June 30, 2021, FinCEN posted a bulletin that set out eight priorities, focused on threats to the U.S. financial system and national security. These priorities include corruption, cybercrime (including relevant cybersecurity and virtual currency considerations), foreign and Read more about FINRA Unscripted Podcast: AML Update[…]
FINRA recently organized roundtable discussions with representatives from 20 firms of various sizes and business models to discuss their approaches to mitigating the risks from account takeovers. Account takeover attempts (ATO) are when bad actors are using stolen or synthetic identification material to open accounts at firms that they then use to generate or launder illicit proceeds. Regulators noted a post pandemic rise in online account opening. These activities make it particularly difficult, because the identities are stolen so even with a SARS filed the true identity of the bad actor is generally never known. Regulatory Notice 21-18 shares a Read more about Account Takeover Attempts[…]
Cybersecurity remains one of the principal operational risks facing broker-dealers and Registered Investment Advisers. Accordingly, FINRA and the SEC’s examiners expect firms to have reasonably designed cybersecurity programs and controls consistent with the firm business model and scale of operations to ensure that sensitive data, including client information, is not lost or misused, or accessed by unauthorized users.
Examiners continue to inquire into the Firm’s controls regarding firewalls, vulnerability, penetration testing, and training during office examinations.