As consultants, we can’t emphasize enough the importance of having a proactive cyber security program that is specifically tailored to protect disruption of critical systems as well as protection of sensitive data for both the firm and its customers.
FINRA recently released a podcast AML Update: The Latest Trends and Effective Practices . This podcast provides a great update on the current AML and fraud trends and best practices from Jason Foye, Senior Director of the National Cause and Finance Crimes Detection Program’s Special Investigative Unit . A few highlights from the AML update podcast: Financial Crimes Enforcement Network (FinCEN) Priorities On June 30, 2021, FinCEN posted a bulletin that set out eight priorities, focused on threats to the U.S. financial system and national security. These priorities include corruption, cybercrime (including relevant cybersecurity and virtual currency considerations), foreign and Read more about FINRA Unscripted Podcast: AML Update[…]
FINRA recently organized roundtable discussions with representatives from 20 firms of various sizes and business models to discuss their approaches to mitigating the risks from account takeovers. Account takeover attempts (ATO) are when bad actors are using stolen or synthetic identification material to open accounts at firms that they then use to generate or launder illicit proceeds. Regulators noted a post pandemic rise in online account opening. These activities make it particularly difficult, because the identities are stolen so even with a SARS filed the true identity of the bad actor is generally never known. Regulatory Notice 21-18 shares a Read more about Account Takeover Attempts[…]
Cybersecurity remains one of the principal operational risks facing broker-dealers and Registered Investment Advisers. Accordingly, FINRA and the SEC’s examiners expect firms to have reasonably designed cybersecurity programs and controls consistent with the firm business model and scale of operations to ensure that sensitive data, including client information, is not lost or misused, or accessed by unauthorized users.
Examiners continue to inquire into the Firm’s controls regarding firewalls, vulnerability, penetration testing, and training during office examinations.
An important component of financial compliance for broker-dealers is establishing message archiving for all communications relating to its business. Not only is it required by FINRA, but it can protect your Firm if there is an employee conducting unethical or illegal business activities. In a communication from Smarsh, a participant in FINRA’s Preferred Pricing Program, they state that “Broker-dealers can avoid being penalized by regulators for wrong doing among individual professionals if they can clearly demonstrate that they are proactively and sufficiently capturing and monitoring all electronic communications.”
The Covid-19 Pandemic has affected everyone, forcing many to work from home and causing an increase in the use of virtual environments. With it comes a rise in cyber-attacks, as hackers take advantage of the confusion and peoples lack of preparation to break into company networks, and trick people into revealing sensitive information. This blog post will discuss some of the common areas of deficiencies for firm’s cybersecurity training programs, and a few tips for improving those programs to keep your firm and employees protected.