Finra Releases Cybersecurity Practices Report
Eight sections with suggested practices broker-dealers should adopt
The 46-page report is based off of a targeted examination, also known as a sweep, of an assortment of firms that looked into the types of threats firms face, the parts of firms' systems that might be susceptible to an attack, and how they're handling cybersecurity threats.
The results from the sweep mirrored that of a 2011 Finra survey where firms considered their top three cybersecurity threats: hackers, insiders compromising data and operational risks (power failures, earthquakes, etc.)
The report is broken down into eight sections, each of which includes a "Principles and Effective Practices" portion that summarizes what firms should implement to best protect themselves against cybersecurity. The sections are:
·Governance and risk management for cybersecurity
·Cybersecurity risk assessment
·Technical controls
·Incident response planning
·Vendor management
·Staff training
·Cyber intelligence and information sharing
·Cyber insurance
The report falls in line with Finra's 2015 Regulatory and Examinations Priority letter released earlier this year. The letter identified cybersecurity as one of five key areas of focus for the coming year.
"Broker-dealers face a variety of rapidly evolving cybersecurity threats, which require a well-designed and adaptable cybersecurity program," said Susan Axelrod, executive vice president for regulatory operations at Finra. "Finra is keenly focused on cybersecurity, and firms must make responding to these threats a high priority. This report builds on the insights from our recent cybersecurity sweep and highlights a series of principles and effective practices that firms can adapt to their particular circumstances."
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: https://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
Waters Wavelength Ep. 342: LexisNexis Risk Solutions’ Sophie Lagouanelle
This week, Sophie Lagouanelle, chief product officer for financial crime compliance at LNRS, joins the podcast to discuss trends in the space moving into 2026.
Citadel Securities, BlackRock, Nasdaq mull tokenized equities’ impact on regulations
An SEC panel of broker-dealers, market-makers and crypto specialists debated the ramifications of a future with tokenized equities.
FIX Trading Community recommends data practices for European CTs
The industry association has published practices and workflows using FIX messaging standards for the upcoming EU consolidated tapes.
Interview: Linda Middleditch, Regnology
Regnology’s Linda Middleditch discusses its acquisition of Wolters Kluwer’s FRR business
Tokenized assets draw interest, but regulation lags behind
Regulators around the globe are showing increased interest in tokenization, but concretely identifying and implementing guardrails and ground rules for tokenized products has remained slow.
Waters Wavelength Ep. 341: Citi’s Pitts and Topa
This week, Citi’s Michele Pitts and Marcello Topa join Wei-Shen to talk about UK and EU T+1.
Why source code access is critical to DORA compliance
As DORA takes hold in EU, Adaptive’s Kevin Covington says that it is shining a light on the criticality of having access to source code.
Nasdaq’s blockchain proposal to SEC gets mixed reviews from peers
Public comment letters and interviews reveal that despite fervor for tokenization, industry stakeholders disagree on its value proposition.
