Both the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) released cybersecurity guidance in 2014, setting the tone for examinations and for how advisors and firms should set their priorities. At a high level, the regulators are looking at:

■ The security of devices (computers, phones, and tablets) and networks

■ How client data is handled and protected

■ The validity of written supervisory procedures, including a focus on handling incidents

■ How business continuity will provide a recovery path from a security incident

■ Whether firms are acquiring cyber-specific insurance coverage

FINRA, through its January 2014 Examination Letter, says it's attempting to understand:[1]

■ The types of threats

■ Where vulnerabilities may exist within firms

■ Firms' existing approaches to cybersecurity risks

■ Ways to share observations and findings with firms

In April 2014, the SEC held a Cybersecurity Roundtable in which Chairwoman Mary Jo White underscored the “compelling need for stronger partnerships between the government and private sector” to maintain the integrity of the markets and protect customer data.

The SEC also announced it would be conducting examinations of 50 broker/dealers and RIAs to further understand, among other things:[2]

■ An entity's cybersecurity governance

■ Assessment of risks

■ Protection of networks and information

In short, regulators are trying to understand where the gaps are and how to address them going forward.

