FINRA Fines Firms for Deficiencies in Cybersecurity and Recordkeeping

December 29, 2016

The Financial Industry Regulatory Authority (“FINRA”) recently announced fines against 12 broker-dealers for alleged deficiencies related to their cybersecurity and record retention practices. In each case, the firms – who have consented to the fine without admitting or denying the charges – allegedly failed to properly store electronic records in a “write once read many” format that is meant to protect records from illicit alteration. The “write once read many” format is required by FINRA rules and protects broker-dealers against malicious interference with their vital business records, whether by outside hackers or disgruntled insiders.

In total, FINRA handed down $14.4 million in fines, including to at least one broker-dealer that was in the process of correcting the deficiency before FINRA began its investigation. Two of the broker-dealers, including the broker-dealer receiving the highest fine among the group, had self-reported the deficiencies to FINRA. No allegations of data loss or records exposure have been made, highlighting the seriousness of FINRA’s response. RIA Compliance Consultants believes that FINRA’s response to cybersecurity breaches is a good example of how a regulator may respond to a cybersecurity breach of an investment adviser.

Hackers are increasingly targeting sensitive financial data, making it more important than ever for investment adviser firms to have robust cybersecurity policies, including policies and procedures designed to protect sensitive business records. RIA Compliance Consultants has created a best practices checklist that investment adviser firms can use to supplement their discussions with IT staff and information security consultants. Click here to purchase our Cybersecurity Best Practices Checklist or click here to view our Cybersecurity Package, which includes both the checklist and our Cybersecurity for Investment Advisers webinar. If you would like more information regarding the Cybersecurity Best Practices Checklist or any of our compliance support services, contact your consultant or click here to schedule an introductory call.

Posted by Bryan Hill