Cybersecurity Exam Observations and Effective Practices
Cybersecurity remains one of the principal operational risks facing broker-dealers and Registered Investment Advisers. Accordingly, FINRA and the SEC’s examiners expect firms to have reasonably designed cybersecurity programs and controls consistent with the firm business model and scale of operations to ensure that sensitive data, including client information, is not lost or misused, or accessed by unauthorized users.
Examiners continue to inquire into the Firm’s controls regarding firewalls, vulnerability, penetration testing, and training during office examinations.